CVE-2026-14475
Last modified
CVE-2026-14475 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.. EPSS estimates a 0.29% chance of exploitation in the next 30 days.
Description
The Cookie Banner for GDPR / CCPA – WPLP Cookie Consent plugin for WordPress is vulnerable to generic SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
Source: CNA advisory (CVE.org). NVD analysis pending.
| Vendor | Product | Versions |
|---|---|---|
| wplegalpages | Cookie Banner for GDPR / CCPA – WPLP Cookie Consent | <= 4.3.6 |
References
Timeline
- Published
- Last Modified
- Status
- Deferred
Frequently Asked Questions
What is CVE-2026-14475?
How severe is CVE-2026-14475?
How do I fix CVE-2026-14475?
Related CVEs from 2026
- CVE-2026-14460Missing Authorization vulnerability in TUBITAK BILGEM Softwa…8.8
- CVE-2026-14461mtr is vulnerable to Out-of-bound read vulnerability in ipin…5.1
- CVE-2026-14468HashiCorp Terraform Enterprise contained an issue in its ver…7.7
- CVE-2026-1447The Mail Mint plugin for WordPress is vulnerable to Cross-Si…5.4
- CVE-2026-14471Improper Neutralization of Special Elements in the metrics-s…8.6
- CVE-2026-14474A flaw was found in SSSD's LDAP sudo provider. When the ldap…8.8
- CVE-2026-14476A path traversal flaw was found in SSSD's AD GPO provider. T…8
- CVE-2026-1448A vulnerability was detected in D-Link DIR-615 up to 4.10. T…7.3
- CVE-2026-14482The 多说社会化评论框 plugin for WordPress is vulnerable to Privilege…8.8
- CVE-2026-14487The Simple Coherent Form plugin for WordPress is vulnerable …9.1
- CVE-2026-14489The WHMCS Bridge plugin for WordPress is vulnerable to arbit…8.8
- CVE-2026-1449A flaw has been found in Hisense TransTech Smart Bus Managem…7.3
Are you affected by CVE-2026-14475?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST
