GCVE - cpe:2.3:a:ninjateam:gdpr_ccpa_compliance_\&_cookie_consent

Approved changes feed: RSS · Atom

cpe:2.3:a:ninjateam:gdpr_ccpa_compliance_\&_cookie_consent_banner:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Ninjateam (`60f12742-896a-5f99-ac58-783aeff1a80d`)
Product	Gdpr Ccpa Compliance & Cookie Consent Banner (`f85003cc-5f76-59f2-b722-31f93187002e`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-24591`	vulnerable	2026-06-03 14:59:56.385136	WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability MEDIUM (4.3) Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1. Published: 2025-01-24T17:24:18.087Z Updated: 2026-05-11T23:16:35.810Z Open on db.gcve.eu Reference links https://patchstack.com/database/Wordpress/Plugin/ninja-gdpr-compliance/vulnerability/wordpress-gdpr-ccpa-compliance-cookie-consent-banner-plugin-2-7-1-broken-access-control-vulnerability?_s_id=cve	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-5607`	vulnerable	2026-06-03 14:57:53.391768	GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting MEDIUM (5.4) The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts. Published: 2024-06-07T02:39:28.634Z Updated: 2026-04-08T17:17:54.418Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f870a6-26a5-4f98-9bd6-12736c561265?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3097680%40ninja-gdpr-compliance&new=3097680%40ninja-gdpr-compliance&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Gdpr Ccpa Compliance & Cookie Consent Banner

PURL mappings

Vulnerability references

Contribute