Plugin Vulnerability Hub
Plugin 17 known issues Latest disclosed Apr 28, 2026

Complianz – GDPR/CCPA Cookie Consent Vulnerabilities

Review known vulnerability records for the WordPress plugin Complianz – GDPR/CCPA Cookie Consent (`complianz-gdpr`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2026-4019, CVE-2026-2389 and CVE-2025-11185, so operators can jump from disclosure to patch validation without scanning the full feed first.

Known Records: 17
High or Critical: 0
Patch Coverage: 100%
Last Updated: Apr 28, 2026

Priority CVE Quick Links

Fast paths into Complianz – GDPR/CCPA Cookie Consent CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs: 15

CVE-2025-11185 Medium 7.4.4
CVE-2025-11185 Complianz – GDPR/CCPA Cookie Consent Stored Cross-Site Scripting

Complianz | GDPR/CCPA Cookie Consent <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

CVE-2023-1069 Medium 6.4.2
CVE-2023-1069 Complianz – GDPR/CCPA Cookie Consent Stored Cross-Site Scripting

Complianz - GDPR/CCPA Cookie Consent <= 6.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

CVE-2023-33333 Medium 6.4.5
CVE-2023-33333 Complianz – GDPR/CCPA Cookie Consent Cross-Site Request Forgery

Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add

CVE-2023-33333 Medium 6.4.5
CVE-2023-33333 Complianz – GDPR/CCPA Cookie Consent Cross-Site Request Forgery

Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_save

CVE-2022-0193 Medium 6.0.0
CVE-2022-0193 Complianz – GDPR/CCPA Cookie Consent Cross-Site Scripting

Complianz - GDPR/CCPA Cookie Consent <= 5.5.2 - Reflected Cross-Site Scripting via s parameter

CVE-2023-33333 Medium 6.4.5
CVE-2023-33333 Complianz – GDPR/CCPA Cookie Consent Cross-Site Request Forgery

Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_delete_snapshot

CVE-2026-4019 Medium 7.4.6
CVE-2026-4019 Complianz – GDPR/CCPA Cookie Consent Vulnerability

Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint

CVE-2026-2389 Medium 7.4.5
CVE-2026-2389 Complianz – GDPR/CCPA Cookie Consent Stored Cross-Site Scripting

Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Complianz – GDPR/CCPA Cookie Consent so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility: 17 records include a published patch path, leaving 0 with no listed safe release yet.
Severity Mix: 0 critical and 0 high severity findings.
Recent CVEs: CVE-2026-4019, CVE-2026-2389 and CVE-2025-11185
Reference Workflow: Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

Known Vulnerabilities

Reports for Complianz – GDPR/CCPA Cookie Consent

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2026-4019
CVE-2026-4019: Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5. This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} using __return_true as the permissio...

Published: Apr 28, 2026
Patched Release: 7.4.6
Affected Versions: Versions up to 7.4.5
Next Step: Update to 7.4.6 or newer if supported.

Plugin Medium Patched: Yes CVE-2026-2389
CVE-2026-2389: Complianz – GDPR/CCPA Cookie Consent <= 7.4.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Content Filter

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 7.4.4.2. This is due to the `revert_divs_to_summary` function replacing `&#8221;` HTML entities with literal double-quote characters (`...

Published: Mar 25, 2026
Patched Release: 7.4.5
Affected Versions: Versions up to 7.4.4.2
Next Step: Update to 7.4.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2025-11185
CVE-2025-11185: Complianz | GDPR/CCPA Cookie Consent <= 7.4.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cmplz-accept-link shortcode in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping on user supplied attribut...

Published: Feb 17, 2026
Patched Release: 7.4.4
Affected Versions: Versions up to 7.4.3
Next Step: Update to 7.4.4 or newer if supported.

Plugin Medium Patched: Yes CVE-2024-1592
CVE-2024-1592: Complianz – GDPR/CCPA Cookie Consent <= 6.5.6 - Cross-Site Request Forgery to Data Request Deletion

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible f...

Published: Mar 01, 2024
Patched Release: 7.0.0
Affected Versions: Versions up to 6.5.6
Next Step: Update to 7.0.0 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-6498
CVE-2023-6498: Complianz | GDPR/CCPA Cookie Consent <= 6.5.5 - Authenticated(Administrator+) Stored Cross-site Scripting via settings

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

Published: Jan 03, 2024
Patched Release: 6.5.6
Affected Versions: Versions up to 6.5.5
Next Step: Update to 6.5.6 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-34030
CVE-2023-34030: Complianz | GDPR/CCPA Cookie Consent <= 6.4.5 - Cross-Site Request Forgery

The Complianz | GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.5. This is due to missing nonce validation on the process_ajax_destination_clear, dismiss_review_notice_callback, and dismiss_warning fu...

Published: May 30, 2023
Patched Release: 6.4.6
Affected Versions: Versions before 6.4.6
Next Step: Update to 6.4.6 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-33333
CVE-2023-33333: Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_add

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.4. This is due to missing or incorrect nonce validation on the ajax_script_add function. This makes it possible for unauthenticated atta...

Published: May 12, 2023
Patched Release: 6.4.5
Affected Versions: Versions up to 6.4.4
Next Step: Update to 6.4.5 or newer if supported.

Plugin Medium Patched: Yes
Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via cmplz_delete_cookiebanner

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.4. This is due to missing or incorrect nonce validation on the cmplz_delete_cookiebanner function. This makes it possible for unauthenti...

Published: May 12, 2023
Patched Release: 6.4.5
Affected Versions: Versions up to 6.4.4
Next Step: Update to 6.4.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-33333
CVE-2023-33333: Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_delete_snapshot

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.4. This is due to missing or incorrect nonce validation on the ajax_delete_snapshot function. This makes it possible for unauthenticated...

Published: May 12, 2023
Patched Release: 6.4.5
Affected Versions: Versions up to 6.4.4
Next Step: Update to 6.4.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-33333
CVE-2023-33333: Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_create_pages

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.4. This is due to missing or incorrect nonce validation on the ajax_create_pages function. This makes it possible for unauthenticated at...

Published: May 12, 2023
Patched Release: 6.4.5
Affected Versions: Versions up to 6.4.4
Next Step: Update to 6.4.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-33333
CVE-2023-33333: Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via ajax_script_save

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.4. This is due to missing or incorrect nonce validation on the ajax_script_save function. This makes it possible for unauthenticated att...

Published: May 12, 2023
Patched Release: 6.4.5
Affected Versions: Versions up to 6.4.4
Next Step: Update to 6.4.5 or newer if supported.

Plugin Medium Patched: Yes CVE-2023-33333
CVE-2023-33333: Complianz - GDPR/CCPA Cookie Consent <= 6.4.4 - Cross-Site Request Forgery via run_sync

The Complianz - GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.4. This is due to missing or incorrect nonce validation on the run_sync function. This makes it possible for unauthenticated attackers t...

Published: May 12, 2023
Patched Release: 6.4.5
Affected Versions: Versions up to 6.4.4
Next Step: Update to 6.4.5 or newer if supported.