CVE-2024-11724

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 12, 2024
CWE ID 862

Summary

CVE-2024-11724 is a vulnerability in the Cookie Consent plugin for WordPress, affecting versions up to and including 3.6.5. It allows authenticated attackers with Subscriber-level access or higher to bypass capability checks on the wpl_script_save AJAX action. As a result, attackers can modify data without authorization, including whitelisting scripts, putting websites that use this plugin at risk. The vulnerability is a significant concern for privacy compliance, as it undermines the GDPR, CCPA, and ePrivacy protections the plugin is intended to provide.
