CVE-2026-4019 — The Complianz – GDPR/CCPA Cookie Consent plugin for
CVE-2026-4019 — The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to unauthorized data access in all versions up to, and including, 7.4.5 This is due to the REST API endpoint at /wp-json/complianz/v1/consent-area/{post_id}/{block_id} using __return_true as the permission_ca
What This Means For You
- If your environment is affected by CWE-862, review your exposure and prioritize patching based on your environment. Monitor vendor advisories for CVE-2026-4019 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-4019 | vulnerability | CVE-2026-4019 |
| CWE-862 | weakness | CWE-862 |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 29, 2026 at 12:16 UTC |
This content was curated and summarized by Shimi's Cyber World for informational purposes. It is not copied or republished in full. All intellectual property rights remain with the original author and source.
Believe this infringes your rights? Submit a takedown request.
Related coverage
CVE-2026-42412 — WeDevs WP User Frontend Vulnerability
CVE-2026-42412 — Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from...
CVE-2025-10503 — Cross-Site Scripting (XSS)
CVE-2025-10503 — The authentication endpoint accepts user-supplied input without enforcing expected validation constraints, leading to a lack of proper output encoding. This allows for the...
SureForms Pro Vulnerability CVE-2026-42377 Exposes Access Control Flaws
CVE-2026-42377 — Missing Authorization vulnerability in Brainstorm Force SureForms Pro allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SureForms Pro: from n/a...