Executive Summary

The vulnerability exists in the Complianz – GDPR/CCPA Cookie Consent plugin for WordPress, affecting all versions up to and including 7.4.5. It arises because the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} uses __return_true as the permission callback, which means it allows any unauthenticated user to access it.

The function cmplz_rest_consented_content() retrieves a post by its ID and returns the consentedContent attribute of any complianz/consent-area block found in that post without verifying if the post is published or if the user has permission to read it.

As a result, unauthenticated attackers can read the consent area block content from private, draft, or unpublished posts, leading to unauthorized data access.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows unauthenticated attackers to access sensitive content from private, draft, or unpublished posts through the plugin's REST API endpoint.

Such unauthorized data access can lead to exposure of confidential or sensitive information that was not intended to be publicly available.

Since the vulnerability does not require authentication, it increases the risk of data leakage without any user credentials or permissions.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the REST API endpoint /wp-json/complianz/v1/consent-area/{post_id}/{block_id} is accessible without authentication and returns content from private, draft, or unpublished posts.

A practical way to detect this on your system is to send an unauthenticated HTTP GET request to this endpoint with various post_id and block_id values and observe if it returns consent area content from posts that should not be publicly accessible.

• Use curl to test the endpoint: curl -X GET https://your-wordpress-site.com/wp-json/complianz/v1/consent-area/{post_id}/{block_id}
• Replace {post_id} and {block_id} with IDs of private, draft, or unpublished posts to check if unauthorized content is returned.

If the response contains consent area content from non-public posts, the vulnerability is present.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating the Complianz GDPR/CCPA Cookie Consent plugin to a version later than 7.4.5 where this vulnerability is fixed.

If an update is not immediately possible, restrict access to the REST API endpoint /wp-json/complianz/v1/consent-area/{post_id}/{block_id} by implementing authentication or IP-based access controls at the web server or application firewall level.

Additionally, monitor and audit access logs for suspicious unauthenticated requests to this endpoint.

Useful 0 Not Useful 0

Compliance Impact

This vulnerability allows unauthenticated attackers to access consent area block content from private, draft, or unpublished posts via the REST API endpoint without proper permission checks.

Since the plugin is designed to manage GDPR and CCPA cookie consent, unauthorized data access could lead to exposure of sensitive consent-related information, potentially violating data protection requirements under GDPR and similar regulations.

Such unauthorized access undermines the confidentiality and integrity of user consent data, which is critical for compliance with privacy regulations like GDPR and HIPAA that mandate strict control over personal data access.

Useful 0 Not Useful 0

Executive Summary

The vulnerability exists in the Complianz – GDPR/CCPA Cookie Consent plugin for WordPress, versions up to and including 7.4.5. It arises because the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} uses __return_true as its permission callback, which means it does not restrict access based on user authentication.

This endpoint calls the function cmplz_rest_consented_content(), which retrieves a post by its ID and returns the consentedContent attribute of any complianz/consent-area block found within that post. However, it does not check whether the post is published or if the user has permission to read it.

As a result, unauthenticated attackers can access the content of consent area blocks from private, draft, or unpublished posts, leading to unauthorized data access.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows any unauthenticated user to access sensitive content from private, draft, or unpublished posts on a WordPress site using the Complianz GDPR plugin. This means that confidential or not-yet-public information could be exposed without any authentication or authorization.

Such unauthorized data access can lead to information leakage, potentially harming the privacy of users or the confidentiality of the website's content.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the REST API endpoint /wp-json/complianz/v1/consent-area/{post_id}/{block_id} is accessible without authentication and returns content from private, draft, or unpublished posts.

You can use the following command to test access to this endpoint on your WordPress site:

• curl -X GET https://your-wordpress-site.com/wp-json/complianz/v1/consent-area/{post_id}/{block_id}

Replace {post_id} and {block_id} with IDs of posts and blocks you want to test. If the response returns consent area content from posts that should not be publicly accessible (e.g., private or draft posts), your system is vulnerable.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include updating the Complianz GDPR/CCPA Cookie Consent plugin to a version later than 7.4.5 where this vulnerability is fixed.

If an update is not immediately possible, restrict access to the vulnerable REST API endpoint by implementing authentication or access controls at the web server or application firewall level to prevent unauthenticated users from accessing /wp-json/complianz/v1/consent-area/*.

Additionally, monitor your logs for suspicious access to this endpoint and consider temporarily disabling the Complianz plugin if feasible until a patch is applied.

Useful 0 Not Useful 0