CVE-2023-4013

Published: Aug 30, 2023Modified: Apr 23, 2025

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

The GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent) WordPress plugin before 4.12.5 does not have proper CSRF checks when managing its license, which could allow attackers to make logged in admins update and deactivate the plugin's license via CSRF attacks

Affected (1)

Products: Mooveagency: Gdpr Cookie Compliance

Mooveagency

1 product

Gdpr Cookie Compliance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mooveagency Gdpr Cookie Compliance	Before 4.12.5

References (2)

https://wpscan.com/vulnerability/54e4494c-a280-4d91-803d-7d55159cdbc5

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/54e4494c-a280-4d91-803d-7d55159cdbc5

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.