{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/vendors/weepie/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2026-4304"}],"_cs_exploited":false,"_cs_products":["WeePie Cookie Allow plugin for WordPress \u003c= 3.4.11"],"_cs_severities":["critical"],"_cs_tags":["sqli","wordpress","plugin","cve-2026-4304"],"_cs_type":"advisory","_cs_vendors":["WeePie"],"content_html":"\u003cp\u003eThe WeePie Cookie Allow plugin for WordPress, a widely used cookie-consent management plugin, contains a SQL injection vulnerability tracked as CVE-2026-4304 (CVSS v3.1 base score 7.5, High). All versions up to and including 3.4.11 are affected. The flaw stems from insufficient sanitization of the \u0026lsquo;consent\u0026rsquo; parameter combined with SQL queries that are assembled from that value instead of being prepared with bound parameters. An unauthenticated attacker can therefore append SQL of their own to the queries the plugin runs and read data the application never meant to expose. Because the plugin is widely deployed, the number of exposed WordPress sites is large.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn unauthenticated attacker sends an HTTP request (GET or POST, depending on how the plugin reads the parameter) to a WordPress site running WeePie Cookie Allow 3.4.11 or earlier, placing SQL syntax in the \u0026lsquo;consent\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eWordPress dispatches the request to the plugin, which reads the tainted \u0026lsquo;consent\u0026rsquo; value without sanitizing or escaping it.\u003c/li\u003e\n\u003cli\u003eThe plugin splices the value into the text of a SQL query rather than binding it as a parameter, so the attacker\u0026rsquo;s payload becomes part of the statement.\u003c/li\u003e\n\u003cli\u003eThe database executes the altered statement and the result reaches the attacker through the plugin\u0026rsquo;s response, exposing data such as user credentials (WordPress stores password hashes in wp_users), configuration values, or other table contents.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the recovered data, for example by cracking password hashes or reusing stolen secrets, to further compromise the site or the underlying server.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-4304 discloses sensitive database contents, including user credentials, to an attacker who needs no account on the site. Given the plugin\u0026rsquo;s wide deployment, many WordPress sites are potentially exposed. The likely consequences are data breaches and, once recovered credentials are reused or administrative access is obtained, website defacement and further compromise of the affected systems. The CVSS v3.1 base score of 7.5 corresponds to High severity.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade the WeePie Cookie Allow plugin to the latest version, which patches CVE-2026-4304; every release up to and including 3.4.11 remains vulnerable.\u003c/li\u003e\n\u003cli\u003eDeploy the provided Sigma rules to detect exploitation attempts against the \u0026lsquo;consent\u0026rsquo; parameter.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for requests whose \u0026lsquo;consent\u0026rsquo; parameter contains SQL injection patterns (string-literal breakouts, UNION SELECT, comment sequences, SLEEP or BENCHMARK calls). Standard access logs record the request line only, so GET payloads are visible but POST bodies are not; covering POST-based attempts requires WAF, reverse-proxy, or application-level request logging.\u003c/li\u003e\n\u003cli\u003eAs a stopgap until the patch is applied, add a web application firewall (WAF) rule that blocks requests whose \u0026lsquo;consent\u0026rsquo; parameter contains SQL injection patterns; a WAF rule reduces exposure but does not replace the upgrade.\u003c/li\u003e\n\u003cli\u003eIf logs show exploitation attempts that predate the patch, treat the database as exposed: force password resets for all users and rotate any secrets stored in the database.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-05T14:16:09Z","date_published":"2026-05-05T14:16:09Z","id":"/briefs/2026-05-weepie-sqli/","summary":"The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL injection via the 'consent' parameter in versions up to and including 3.4.11, allowing unauthenticated attackers to extract sensitive information from the database.","title":"WeePie Cookie Allow Plugin SQL Injection Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-weepie-sqli/"}],"language":"en","title":"CraftedSignal Threat Feed — WeePie","version":"https://jsonfeed.org/version/1.1"}
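To make the attack chain in the brief above concrete, here is an added example that is not the WeePie plugin's code (the brief contains no code). It uses Python with an in-memory SQLite database standing in for the WordPress MySQL database; the `consent_log` and `users` tables, their rows and the two `lookup_*` functions are invented for illustration. The WordPress equivalent of the hardened form is `$wpdb->prepare()` with `%s` placeholders.

```python
"""Worked illustration of the CVE-2026-4304 pattern: a query that splices
the 'consent' parameter into SQL text versus one that binds it.

Added example, not the WeePie plugin's code. Uses an in-memory SQLite
database as a stand-in for WordPress's MySQL; the consent_log and users
tables, their rows and the lookup functions are invented. The WordPress
equivalent of lookup_hardened is $wpdb->prepare() with %s placeholders.
"""
import sqlite3
from typing import Dict, List, Tuple


def make_db() -> sqlite3.Connection:
    """Build the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE consent_log (id INTEGER PRIMARY KEY, consent TEXT, ip TEXT);
        INSERT INTO consent_log (consent, ip) VALUES
            ('all', '203.0.113.5'),
            ('functional', '198.51.100.9');
        -- stands in for wp_users: the table an attacker would aim for
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, pass_hash TEXT);
        INSERT INTO users (login, pass_hash) VALUES ('admin', '$P$Bexamplehash');
        """
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, consent: str) -> List[Tuple]:
    """Vulnerable form: the request value becomes part of the SQL text."""
    # A quote in the value closes the literal and everything after it is SQL.
    sql = f"SELECT consent, ip FROM consent_log WHERE consent = '{consent}'"
    return conn.execute(sql).fetchall()


def lookup_hardened(conn: sqlite3.Connection, consent: str) -> List[Tuple]:
    """Hardened form: the value is bound as a parameter and never parsed as SQL."""
    sql = "SELECT consent, ip FROM consent_log WHERE consent = ?"
    return conn.execute(sql, (consent,)).fetchall()


# A UNION payload of the kind the attack chain describes: close the string
# literal, append a SELECT against the users table, comment out the rest.
PAYLOAD = "x' UNION SELECT login, pass_hash FROM users -- "


def demo() -> Dict[str, List[Tuple]]:
    """Run both lookups with a benign value and with the payload."""
    conn = make_db()
    return {
        "benign_vulnerable": lookup_vulnerable(conn, "all"),
        "benign_hardened": lookup_hardened(conn, "all"),
        "payload_vulnerable": lookup_vulnerable(conn, PAYLOAD),  # leaks the hash
        "payload_hardened": lookup_hardened(conn, PAYLOAD),      # no rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows}")
```

Both lookups behave identically on the benign value; only the vulnerable one returns the `users` row when given the payload, which is exactly the data-extraction step of the attack chain. Parameter binding is the fix, not escaping by hand.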
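For the log-monitoring recommendation in the brief, the following added example (it is not the feed's Sigma rules, which are not reproduced here) implements the detection logic in Python over a few constructed access log lines in Apache/nginx combined format. The request paths in the sample lines are placeholders, because the brief does not name the plugin's endpoint, so the check keys on the `consent` parameter alone; the indicator regex is an assumption to tune against real traffic.

```python
"""Scan web server access logs for SQL injection indicators in the
'consent' parameter (detection logic for CVE-2026-4304 monitoring).

Added example, not the feed's Sigma rules. SAMPLE_LOG is constructed;
the request paths in it are placeholders, since the brief does not name
the plugin endpoint, so matching keys on the parameter alone.
"""
import re
from collections import Counter
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Apache/nginx combined log format; only the fields needed here are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Indicators for the usual SQLi techniques: string-literal breakout,
# UNION-based extraction, tautologies, comment truncation and time-based
# blind probes. Applied to the URL-decoded value. Tune to your traffic:
# a lone apostrophe is noisy on sites where users can type free text.
SQLI_RE = re.compile(
    r"'|\bunion\b[\s\S]{0,40}?\bselect\b|\bor\b\s+\d+\s*=\s*\d+"
    r"|--|/\*|\b(?:sleep|benchmark)\s*\(",
    re.IGNORECASE,
)

# Constructed sample: one benign consent submission, two injection
# attempts from the same source, and a POST whose body (where a POST-based
# payload would live) is not in the access log at all.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/May/2026:14:20:01 +0000] "GET /?consent=all HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [05/May/2026:14:21:17 +0000] "GET /?consent=x%27%20UNION%20SELECT%20user_login%2Cuser_pass%20FROM%20wp_users--%20 HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '198.51.100.9 - - [05/May/2026:14:21:19 +0000] "GET /?consent=all%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '192.0.2.77 - - [05/May/2026:14:22:03 +0000] "POST /index.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
]


def consent_values(target: str) -> List[str]:
    """Return every URL-decoded 'consent' value in the request target's query string."""
    # parse_qs decodes %xx escapes and '+'; blank values are kept so an
    # empty probe is still visible to the caller.
    return parse_qs(urlsplit(target).query, keep_blank_values=True).get("consent", [])


def scan_line(line: str) -> Optional[Dict]:
    """Return a finding for one log line, or None if it carries no suspicious consent value."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not combined format; feed such lines to a separate parser
    hits = [v for v in consent_values(m["target"]) if SQLI_RE.search(v)]
    if not hits:
        return None
    return {
        "ip": m["ip"],
        "ts": m["ts"],
        "method": m["method"],
        "status": int(m["status"]),
        "payloads": hits,
    }


def scan(lines) -> List[Dict]:
    """Scan an iterable of log lines and return all findings in order."""
    return [f for f in map(scan_line, lines) if f is not None]


def attempts_by_ip(lines) -> Dict[str, int]:
    """Count findings per source IP, the natural key for an alert threshold."""
    return dict(Counter(f["ip"] for f in scan(lines)))


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
    print(attempts_by_ip(SAMPLE_LOG))
```

The two GET probes from 198.51.100.9 are flagged after URL decoding; the POST line produces nothing, which is the gap the recommendation calls out: access logs do not carry request bodies, so POST-based attempts need WAF or application-level logging to be seen at all.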