PatchSiren

wplegalpages CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM wplegalpages CVE published 2026-07-10

CVE-2026-14475

The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6. This vulnerability allows authenticated attackers, with administrator-level access and above, to append additional SQL queries into existing queries, potentially leading to sensitive information extraction from the database.