WeePie Cookie Allow Plugin SQLi Risks Unauthenticated Database Access
The National Vulnerability Database has published an advisory for CVE-2026-4304, a high-severity SQL injection vulnerability in the WeePie Cookie Allow plugin for WordPress. All versions up to and including 3.4.11 are affected. The flaw stems from insufficient escaping of a user-supplied parameter and a lack of proper preparation of an existing SQL query, so request data can alter the structure of the query rather than only the value it compares against.
The vulnerability allows unauthenticated attackers to append additional SQL to an existing database query via the 'consent' parameter. The impact is extraction of sensitive information from the underlying database. The CVSS v3 base score of 7.5 (High) reflects the ease of exploitation (network attack vector, low attack complexity, no privileges required, no user interaction) together with a high confidentiality impact and no integrity or availability impact.
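To make the bug class concrete, the block below is an added example, not the WeePie Cookie Allow plugin's code (which is PHP and uses $wpdb) and not taken from the advisory. It reconstructs the pattern the advisory describes, a request parameter interpolated into an existing query instead of being bound as a prepared-statement value, in Python with sqlite3 so it runs stand-alone. The table names, columns and the shape of the consent lookup are assumptions made for the demonstration; the payload is constructed.

```python
"""Illustration of the bug class behind CVE-2026-4304: a request parameter interpolated
into an existing SQL query instead of being passed as a prepared-statement value.
This is an added example, not the WeePie Cookie Allow plugin's code (which is PHP
and uses $wpdb); it uses Python's sqlite3 so it runs stand-alone. The table names,
columns and the shape of the consent lookup are assumptions for the demonstration."""
import sqlite3


def build_db():
    """Constructed sample database: a consent table plus a table the attacker
    should never be able to read (stand-in for wp_users password hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_cookie_consent (id INTEGER PRIMARY KEY, consent TEXT, ip TEXT);
        INSERT INTO wp_cookie_consent (consent, ip) VALUES ('accepted', '203.0.113.5');
        INSERT INTO wp_cookie_consent (consent, ip) VALUES ('declined', '203.0.113.9');
        CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
        INSERT INTO wp_users (user_login, user_pass) VALUES ('admin', '$P$B_constructed_hash');
    """)
    return conn


def lookup_consent_vulnerable(conn, consent):
    """Vulnerable pattern: the value of the 'consent' parameter becomes part of the
    SQL text. Wrapping it in quotes does not help once the attacker closes the quote."""
    sql = f"SELECT consent, ip FROM wp_cookie_consent WHERE consent = '{consent}'"
    return conn.execute(sql).fetchall()


def lookup_consent_prepared(conn, consent):
    """Hardened pattern: the value is bound as a parameter and can never change the
    query structure. This is the sqlite3 analogue of $wpdb->prepare('... %s', $consent)."""
    sql = "SELECT consent, ip FROM wp_cookie_consent WHERE consent = ?"
    return conn.execute(sql, (consent,)).fetchall()


# Constructed payload: close the string literal, UNION in rows from another table
# with a matching column count, and comment out the trailing quote.
PAYLOAD = "x' UNION SELECT user_login, user_pass FROM wp_users -- "


def demo():
    """Returns what each variant hands back for the same malicious parameter."""
    conn = build_db()
    leaked = lookup_consent_vulnerable(conn, PAYLOAD)
    safe = lookup_consent_prepared(conn, PAYLOAD)
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned:", leaked)   # the admin row with its hash
    print("prepared query returned:", safe)       # []
```

The interpolated query returns the admin row from a table the consent lookup was never meant to touch; the bound-parameter version treats the whole payload as a literal string and returns nothing. In WordPress the equivalent fix is routing every user-controlled value through $wpdb->prepare() placeholders rather than escaping it by hand.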
For defenders this is a direct path to data exfiltration: an attacker does not need to bypass authentication, only to reach the vulnerable endpoint. Unauthenticated SQL injection in WordPress plugins is a routinely exploited bug class, and any site running an affected version should be treated as exposed until it is patched.
What This Means For You
- If your organization uses the WeePie Cookie Allow plugin for WordPress, assess your exposure immediately: check the installed version against 3.4.11 on the Plugins screen or with `wp plugin list`. This is an unauthenticated SQL injection, so any attacker who can reach the site can exploit it without credentials. Prioritize updating to a fixed release, or disable the plugin if none is available. Review web server access logs for requests to the plugin's endpoints whose 'consent' value contains quotes, comment sequences or SQL keywords, and review database query logs if you keep them.
🛡️ Detection Rules
```yaml
title: WeePie Cookie Allow Plugin SQLi via 'consent' parameter - CVE-2026-4304
id: scw-2026-05-05-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit the WeePie Cookie Allow plugin (versions up to and including 3.4.11)
  for SQL injection. The rule looks for the 'consent' parameter in the query string together with
  the plugin's directory path in the URI, which marks a request that could carry a CVE-2026-4304 payload.
author: SCW Feed Engine (AI-generated)
date: 2026-05-05
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-4304/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri-query|contains:
      - 'consent='
    cs-uri|contains:
      - '/wp-content/plugins/cookie-allow-plugin/'
  condition: selection
falsepositives:
  - Every legitimate consent submission to the plugin also matches this selection; without a filter on SQL metacharacters (quotes, comment sequences, UNION/SELECT) in the decoded parameter value the rule is noisy
  - Legitimate administrative activity
```
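The rule's selection run over sample access-log lines, as an added example that is not part of the page's rule or of the plugin: it applies the selection exactly as written, then tightens it with a check for SQL syntax in the decoded 'consent' value so that ordinary consent submissions fall to a baseline bucket instead of alerting. The plugin directory and parameter name come from the rule above; the 'ajax.php' filename, the IP addresses and the log lines are constructed.

```python
"""Added example: applies the Sigma rule's selection to constructed Apache-style
access-log lines, then tightens it with a check for SQL metacharacters in the
decoded 'consent' value so that ordinary consent submissions drop to baseline.
Not part of the page's rule or the plugin. The plugin directory and parameter
name come from the rule; 'ajax.php', the IPs and the log lines are constructed."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

PLUGIN_PATH = "/wp-content/plugins/cookie-allow-plugin/"   # as used in the Sigma rule

# Constructed sample log (Apache combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [05/May/2026:17:20:01 +0000] "GET /wp-content/plugins/cookie-allow-plugin/ajax.php?consent=accepted HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [05/May/2026:17:21:13 +0000] "GET /wp-content/plugins/cookie-allow-plugin/ajax.php?consent=x%27%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users--%20- HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.7 - - [05/May/2026:17:21:40 +0000] "GET /wp-content/plugins/cookie-allow-plugin/ajax.php?consent=1%27%20AND%20SLEEP%285%29%23 HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.9 - - [05/May/2026:17:22:02 +0000] "GET /wp-login.php?consent=1 HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Quote/comment characters or SQL keywords inside a value that should be a plain token.
SQLI_RE = re.compile(r"""(['"#;]|--|/\*|\b(union|select|sleep|benchmark)\b)""", re.IGNORECASE)


def parse_line(line):
    """Split one access-log line into ip, path, raw query and decoded params."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    return {
        "ip": m["ip"],
        "path": url.path,
        "query": url.query,
        "params": parse_qs(url.query, keep_blank_values=True),
        "status": int(m["status"]),
    }


def sigma_rule_matches(rec):
    """The rule's selection as written: 'consent=' in the query string AND the
    plugin directory in the URI. Every normal consent submission satisfies it."""
    return "consent=" in rec["query"] and PLUGIN_PATH in rec["path"]


def looks_like_sqli(rec):
    """Tightening: inspect the decoded consent value(s). parse_qs already
    percent-decodes once; unquote_plus catches a second layer of encoding."""
    return any(SQLI_RE.search(unquote_plus(v)) for v in rec["params"].get("consent", []))


def triage(log_text):
    """Classify each line: ignore (rule does not fire), baseline (fires, benign
    value) or alert (fires and the value carries SQL syntax)."""
    out = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not sigma_rule_matches(rec):
            verdict = "ignore"
        elif looks_like_sqli(rec):
            verdict = "alert"
        else:
            verdict = "baseline"
        out.append((rec["ip"], rec["path"], verdict))
    return out


if __name__ == "__main__":
    for ip, path, verdict in triage(SAMPLE_LOG):
        print(f"{verdict:8} {ip:14} {path}")
```

On the constructed sample the rule as written fires on three of the four lines, including the benign `consent=accepted` submission; the decoded-value check keeps only the UNION-based and time-based payloads as alerts. In a SIEM the same tightening is a second selection on the decoded query value, or a baseline of the normal token set the plugin accepts for 'consent'.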
Vulnerability Details
| CVE | Attribute | Value |
|---|---|---|
| CVE-2026-4304 | Affected product | WeePie Cookie Allow plugin for WordPress |
| CVE-2026-4304 | Affected versions | All versions up to and including 3.4.11 |
| CVE-2026-4304 | Vulnerable parameter | consent |
| CVE-2026-4304 | Required privileges | None (unauthenticated) |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 05, 2026 at 17:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.