Description
WordPress Plugin Cookie Information-Free GDPR Consent Solution is prone to a privilege escalation vulnerability. Exploiting this issue may allow attackers to bypass the expected capabilities check and perform otherwise restricted actions; other attacks are also possible. WordPress Plugin Cookie Information-Free GDPR Consent Solution version 1.4.2 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.4.3 or latest
References
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
https://medium.com/alertot/serialization-flaw-in-wp-gdpr-compliance-8cfc8feb4ec3
https://plugins.svn.wordpress.org/wp-gdpr-compliance/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Activity Log Multiple Cross-Site Scripting Vulnerabilities (2.4.0)
WordPress Plugin WP AmASIN-The Amazon Affiliate Shop Directory Traversal (0.9.6)
WordPress Plugin Bitcoin Faucet Cross-Site Scripting (1.0.12)
WordPress Plugin Vuukle Comments, Reactions, Share Bar, Revenue Unspecified Vulnerability (4.0.2)