CVE-2025-11754 - Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for ...

CVE ID : CVE-2025-11754 Published : Feb. 19, 2026, 3:25 a.m. | 50 minutes ago Description : The GDPR Cookie Consent plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'gdpr/v1/settings' REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated attackers to retrieve sensitive plugin settings including API tokens, email addresses, account IDs, and site keys. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...