CyberRota
← Ana sayfaya dön

CVE-2026-12955

MEDIUM · CVSS 4.3

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-07-10T09:16:52.987 · Çekilme zamanı: 2026-07-10T12:06:58.812747+00:00

CyberRota Yorumu

Detaylı analiz gerekiyor.

CVE
CVE-2026-12955
Severity
MEDIUM
CVSS
4.3
EPSS
Yok
WordPress

Orijinal NVD Açıklaması

The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check and missing nonce verification on the gdpr_cookie_consent_ajax_save_schedule_scan() function (the wp_ajax_gcc_save_schedule_scan AJAX action) in versions up to, and including, 4.3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's cookie scan schedule configuration stored in the gdpr_scan_schedule_data option, which is an administrative function intended to be limited to users with the manage_options capability.