CVE-2024-8286

Medium CVSS: 6.5

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks

Vendor

Webtoffee

Product

Gdpr Cookie Consent

CWE

CWE-352

Yayın Tarihi

2025-05-15 20:15:58

Güncelleme

2025-06-12 15:34:28

Source Identifier

contact@wpscan.com

KEV Date Added

Kategoriler

CWE-352 Gdpr Cookie Consent MEDIUM Webtoffee 2025

Referanslar

https://wpscan.com/vulnerability/628bbac0-76b1-4666-9c00-bae84b48f85c/

Benzer Kayıtlar

Medium

CVE-2024-8397

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not properly sanitize and escape the IP headers whe…

Medium

CVE-2025-1769

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Direct…

Low

CVE-2025-1911

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitr…

High

CVE-2025-1912

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server…

High

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Ob…

High

CVE-2025-1971

The Export and Import Users and Customers plugin for WordPress is vulnerable to PHP Object Injection in all versions up…