CVE-2024-11724
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2024-11724 is a vulnerability affecting the Cookie Consent plugin for WordPress, specifically versions up to and including 3.6.5. This issue allows authenticated attackers with Subscriber-level access or higher to bypass capability checks on the wpl_script_save AJAX action. As a result, attackers can unauthorized modify data, including whitelisting scripts, putting websites using this plugin at risk. This vulnerability poses a significant concern for privacy compliance, as it undermines the intended GDPR, CCPA, and ePrivacy protections provided by the plugin.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.