MEDIUM
wplegalpages
CVE published 2026-07-10
CVE-2026-14475
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6. This vulnerability allows authenticated attackers, with administrator-level access and above, to append additional SQL queries into existing queries, potentially leading to sensitive information extraction from the database.