Improper Access Controls in WordPress GDPR Cookie Consent Plugin <= 1.8.2
https://www.wordfence.comGDPR Cookie Consent WordPress plugin By WebToffee has over 700000+ active installations and a security vulnerability was recently discovered in version 1.8.2 and lower. This vulnerability has been fixed in version 1.8.3. We recommend that users immediately update to the latest version available.
Improper Access Controls issue could allow an authenticated user with low privileges (such as a subscriber) to:
- Change the status of any post/page from published to draft, removing them from the frontend of the blog
- Put a payload in the content of one of them, leading to Stored Cross-Site Scripting issues.