CVE-2024-8286

MEDIUM

WordPress Plugin <2.6.1 - CSRF

Title source: llm

Description

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/628bbac0-76b1-4666-9c00-bae84b48f85c/

Scores

CVSS v3 6.5

EPSS 0.0015

EPSS Percentile 35.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Classification

CWE

CWE-352

Status published

Affected Products (1)

webtoffee/gdpr_cookie_consent < 2.6.1

Timeline

Published May 15, 2025

Tracked Since Feb 18, 2026