CVE-2025-24591

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-24591
Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://patchstack.com/database/Wordpress/Plugin/ninja-gdpr-compliance/vulnerability/wordpress-gdpr-ccpa-compliance-cookie-consent-banner-plugin-2-7-1-broken-access-control-vulnerability?_s_id=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:ninjateam:gdpr_ccpa_compliance_\&_cookie_consent_banner:*:*:*:*:*:wordpress:*:*
History

23 Apr 2026, 15:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 8.8 		v2 : unknown
v3 : 4.3

01 Apr 2026, 17:17

Type Values Removed Values Added
CPE cpe:2.3:a:ninjateam:gdpr_ccpa_compliance_\&_cookie_consent_banner:*:*:*:*:*:wordpress:*:*
First Time Ninjateam gdpr Ccpa Compliance \& Cookie Consent Banner
Ninjateam
CVSS v2 : unknown
v3 : 4.3 		v2 : unknown
v3 : 8.8
References
  • {'url': 'https://patchstack.com/database/wordpress/plugin/ninja-gdpr-compliance/vulnerability/wordpress-gdpr-ccpa-compliance-cookie-consent-banner-plugin-2-7-1-broken-access-control-vulnerability?_s_id=cve', 'source': 'audit@patchstack.com'}
  • () https://patchstack.com/database/Wordpress/Plugin/ninja-gdpr-compliance/vulnerability/wordpress-gdpr-ccpa-compliance-cookie-consent-banner-plugin-2-7-1-broken-access-control-vulnerability?_s_id=cve - Third Party Advisory
Summary
  • (es) La vulnerabilidad de falta de autorización en NinjaTeam GDPR CCPA Compliance Support permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al soporte de cumplimiento de GDPR CCPA: desde n/d hasta 2.7.1.
Summary (en) Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1. (en) Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through <= 2.7.1.

24 Jan 2025, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2025-01-24 18:15

Updated : 2026-04-23 15:25

NVD link : CVE-2025-24591

Mitre link : CVE-2025-24591

CVE.ORG link : CVE-2025-24591

JSON object : View

Products Affected

ninjateam

  • gdpr_ccpa_compliance_\&_cookie_consent_banner
CWE
CWE-862

Missing Authorization