CVE-2026-4019
Unauthorized Data Access in Complianz WordPress Plugin via REST API
Publication date: 2026-04-29
Last updated on: 2026-04-29
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| complianz | gdpr_cookie_consent_plugin | up to and including 7.4.5 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability is in the Complianz - GDPR/CCPA Cookie Consent plugin for WordPress, all versions up to and including 7.4.5. The plugin registers the REST route /wp-json/complianz/v1/consent-area/{post_id}/{block_id} with __return_true as its permission callback, so the route accepts requests from anyone, including visitors who are not logged in at all.
The route's handler, cmplz_rest_consented_content(), loads the post identified by post_id and returns the consentedContent attribute of the complianz/consent-area block in that post. It never checks the post's status or whether the caller is allowed to read that post, which is the missing authorization check of CWE-862.
As a result, an unauthenticated attacker who knows or enumerates a post ID and block ID can read the consent-area block content of private, draft, or otherwise unpublished posts, content the site owner has not made public.
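The registration pattern the description refers to, shown as an added illustration of the fix: this is reconstructed from the advisory text, not Complianz's own source. The route path and the handler name cmplz_rest_consented_content come from the advisory; the permission-callback name cmplz_consent_area_permission, the argument regexes, the error codes, and the assumption that the plugin already defines the handler are mine.

```php
<?php
/**
 * Added illustration (not Complianz's code). The advisory describes this route
 * registered with 'permission_callback' => '__return_true', which lets any caller
 * reach the handler. Below, that is replaced by a callback that performs the
 * authorization check the vulnerable version skipped.
 */

// Permission callback: decide whether THIS caller may read THIS post before the
// handler runs. Returning WP_Error here means the handler is never invoked.
function cmplz_consent_area_permission( WP_REST_Request $request ) {
    $post = get_post( (int) $request['post_id'] );
    if ( ! $post instanceof WP_Post ) {
        return new WP_Error( 'rest_post_invalid_id', 'Invalid post ID.', array( 'status' => 404 ) );
    }

    // A published post of a public post type is readable by anyone (WP 5.7+ helper).
    // Anything else (draft, pending, private, scheduled, trashed, non-public type)
    // requires the 'read_post' meta capability for this specific post, which
    // WordPress resolves from the post's status, type and author.
    if ( ! is_post_publicly_viewable( $post ) && ! current_user_can( 'read_post', $post->ID ) ) {
        return new WP_Error(
            'rest_forbidden',
            'Sorry, you are not allowed to view this post.',
            array( 'status' => rest_authorization_required_code() ) // 401 for anonymous, 403 for logged-in
        );
    }

    // A published post can still be password protected; honour that as well.
    if ( post_password_required( $post ) ) {
        return new WP_Error( 'rest_forbidden', 'This post is password protected.', array( 'status' => 403 ) );
    }

    return true;
}

add_action( 'rest_api_init', function () {
    register_rest_route(
        'complianz/v1',
        '/consent-area/(?P<post_id>\d+)/(?P<block_id>[A-Za-z0-9_-]+)',
        array(
            'methods'             => WP_REST_Server::READABLE,
            // The plugin's existing handler (assumed to be defined by the plugin).
            'callback'            => 'cmplz_rest_consented_content',
            // BEFORE (vulnerable): 'permission_callback' => '__return_true',
            'permission_callback' => 'cmplz_consent_area_permission',
            'args'                => array(
                'post_id'  => array(
                    'validate_callback' => static function ( $value ) {
                        return is_numeric( $value ) && (int) $value > 0;
                    },
                    'sanitize_callback' => 'absint',
                ),
                'block_id' => array( 'sanitize_callback' => 'sanitize_text_field' ),
            ),
        )
    );
} );
```

The important design point is that the check lives in permission_callback rather than inside the handler: WordPress evaluates it before dispatching, so a later refactor of the handler cannot accidentally drop it, and the 401/403 response is produced uniformly with the rest of the REST API. Checking current_user_can( 'read_post', $id ) rather than is_user_logged_in() keeps the route usable for anonymous visitors on published posts, which is what a consent-area block on a public page needs.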
How can this vulnerability impact me?
An unauthenticated attacker can read the content of complianz/consent-area blocks in private, draft, or unpublished posts on any site running an affected version, by calling the plugin's REST route directly.
That content is whatever the author placed behind the consent gate in a post that was not meant to be visible yet, so the impact is disclosure of unpublished or restricted post content.
No credentials, session cookie, or REST nonce are needed; the only precondition is network access to the site's REST API, and post IDs are sequential integers, so enumeration is cheap.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
You can test for this by sending an unauthenticated GET request to /wp-json/complianz/v1/consent-area/{post_id}/{block_id} and checking whether it returns consent-area content from a post that is not public.
- Pick a post that is in draft or private status and contains a complianz/consent-area block, and note its post ID and the block's ID.
- Request the route with no cookies or nonce, showing the status line: curl -i https://your-wordpress-site.com/wp-json/complianz/v1/consent-area/{post_id}/{block_id}
- Replace {post_id} and {block_id} with those IDs.
A 200 response whose body contains the block's consented content means the authorization check is missing and the site is vulnerable; a patched site refuses the request for any post the anonymous caller cannot read. Also confirm the installed plugin version in the Plugins screen or with wp plugin list; anything at or below 7.4.5 is affected.
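The same check, automated for a site you operate, as an added detection script (not part of the advisory or of the plugin). It runs inside WordPress through WP-CLI, finds non-public posts that contain a complianz/consent-area block, and then requests the route for each of them without any credentials, which is exactly what an outsider sees. The file name, the list of statuses treated as non-public, and the way the block ID is guessed are assumptions; the advisory does not say which block attribute {block_id} matches, so every scalar attribute of the block is tried.

```php
<?php
/**
 * Added detection script (not vendor code). Run on the site with WP-CLI:
 *   wp eval-file cmplz-consent-area-probe.php
 * Requires WP-CLI and outbound HTTP access from the server to its own site URL.
 */

// Recursively collect consent-area blocks, including ones nested inside
// groups, columns and other container blocks.
function probe_find_consent_area_blocks( array $blocks, array &$found ) {
    foreach ( $blocks as $block ) {
        if ( 'complianz/consent-area' === ( $block['blockName'] ?? '' ) ) {
            $found[] = $block;
        }
        if ( ! empty( $block['innerBlocks'] ) ) {
            probe_find_consent_area_blocks( $block['innerBlocks'], $found );
        }
    }
}

// Anonymous request to the route; returns [ http_status, decoded_body ].
// wp_remote_get sends no cookies or nonce, so the request is unauthenticated
// regardless of who runs this script.
function probe_consent_area( $post_id, $block_id ) {
    $url      = rest_url( sprintf( 'complianz/v1/consent-area/%d/%s', $post_id, rawurlencode( $block_id ) ) );
    $response = wp_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $response ) ) {
        return array( 0, $response->get_error_message() );
    }
    return array(
        (int) wp_remote_retrieve_response_code( $response ),
        json_decode( wp_remote_retrieve_body( $response ), true ),
    );
}

// Statuses treated as non-public here (assumption: adjust for custom statuses).
$non_public = get_posts( array(
    'post_type'   => 'any',
    'post_status' => array( 'draft', 'pending', 'private', 'future' ),
    'numberposts' => -1,
) );

$leaks = 0;
foreach ( $non_public as $post ) {
    if ( ! has_block( 'complianz/consent-area', $post ) ) {
        continue;
    }
    $blocks = array();
    probe_find_consent_area_blocks( parse_blocks( $post->post_content ), $blocks );
    foreach ( $blocks as $block ) {
        // Heuristic: the advisory does not name the attribute behind {block_id},
        // so each scalar attribute value of the block is tried as a candidate.
        foreach ( (array) ( $block['attrs'] ?? array() ) as $attr => $value ) {
            if ( ! is_scalar( $value ) ) {
                continue;
            }
            list( $status, $data ) = probe_consent_area( $post->ID, (string) $value );
            if ( 200 === $status && ! empty( $data ) ) {
                $leaks++;
                WP_CLI::warning( sprintf(
                    'post %d (%s): consent-area content returned anonymously for %s=%s',
                    $post->ID, $post->post_status, $attr, $value
                ) );
            }
        }
    }
}

if ( $leaks > 0 ) {
    WP_CLI::error( sprintf( '%d consent-area block(s) readable without authentication; update the plugin.', $leaks ) );
}
WP_CLI::success( 'No non-public consent-area content was returned to an anonymous request.' );
```

Run it before and after updating: on an affected version every non-public post with a consent-area block should produce a warning, and after the fix the script should finish with the success line. Because the probe goes over HTTP to the site's own URL, it also exercises any web-server or WAF rule you put in front of the route, so it doubles as a check that a temporary mitigation actually took effect.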
What immediate steps should I take to mitigate this vulnerability?
Update the Complianz GDPR/CCPA Cookie Consent plugin to a version later than 7.4.5, which is where the authorization check is added.
If you cannot update right away, gate /wp-json/complianz/v1/consent-area/{post_id}/{block_id} at the web server, in the application firewall, or with a small mu-plugin so that it is only served for posts that are publicly viewable. Prefer restricting by post status over requiring a login: the route serves consent-area content to ordinary visitors, so blocking every anonymous request is likely to break that feature on published pages.
Review access logs for requests to this route, in particular bursts across many post IDs from one client, which indicate enumeration. If the consent-area feature is not in use, deactivating the plugin until it can be updated removes the exposure entirely.
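One way to apply the interim gate at the site level until the vendor update is installed, as an added example (not vendor code): a must-use plugin that hooks WordPress's rest_request_before_callbacks filter and refuses the advisory's route for any post that is not publicly viewable. It is deliberately stricter than a proper fix, since it also denies logged-in editors previewing their own drafts, which is acceptable for a short exposure window. The file name and log message are assumptions.

```php
<?php
/**
 * Plugin Name: Temporary gate for the Complianz consent-area REST route
 * Description: Added example, not vendor code. Copy to wp-content/mu-plugins/
 *              and delete it once the plugin is updated past 7.4.5.
 */

add_filter( 'rest_request_before_callbacks', function ( $response, $handler, $request ) {
    // Act only on the route named in the advisory; leave every other route alone.
    if ( ! preg_match( '#^/complianz/v1/consent-area/(\d+)/#', $request->get_route(), $m ) ) {
        return $response;
    }

    $post = get_post( (int) $m[1] );

    // Refuse anything that is not a published post of a public post type, plus
    // password-protected posts. Published content keeps working for visitors.
    // is_post_publicly_viewable() needs WordPress 5.7 or later.
    if ( ! $post || ! is_post_publicly_viewable( $post ) || post_password_required( $post ) ) {
        // Keep a trace in the PHP error log so probing is visible during the window.
        error_log( sprintf(
            'complianz consent-area gate: refused post %d from %s',
            (int) $m[1],
            $_SERVER['REMOTE_ADDR'] ?? '-'
        ) );
        // 404 rather than 403 so the response does not confirm that the post ID exists.
        return new WP_Error( 'rest_no_route', 'No route was found matching the URL and request method.', array( 'status' => 404 ) );
    }

    return $response;
}, 10, 3 );
```

Returning a WP_Error from rest_request_before_callbacks makes the REST server skip both the route's permission callback and its handler, so the plugin's __return_true never gets a say. Remove the file after updating; leaving it in place would keep hiding drafts from editors who are entitled to preview them.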
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The data exposed is the content of consent-area blocks in posts that were not published, read through the REST route without a permission check. It is a confidentiality problem only: the attacker cannot modify the post, and the plugin's own consent records are not involved.
Whether that amounts to a reportable breach depends on what the unpublished posts contain. If drafts or private posts hold personal data, unauthorized disclosure can be a personal-data breach under GDPR with its notification duties; under HIPAA the same applies only where the content includes protected health information. Unpublished marketing copy with no personal data in it is a confidentiality incident for the site, not a regulatory one.
For the incident record, keep the affected version, the date the update or interim gate was applied, and the result of the log review for requests to the route.