### [CVE-2022-0445](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0445)
![](https://img.shields.io/static/v1?label=Product&message=WordPress%20Real%20Cookie%20Banner%3A%20GDPR%20(DSGVO)%20%26%20ePrivacy%20Cookie%20Consent&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=2.14.2%3C%202.14.2%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-352%20Cross-Site%20Request%20Forgery%20(CSRF)&color=brighgreen)

### Description

The WordPress Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent WordPress plugin before 2.14.2 does not have CSRF checks in place when resetting its settings, allowing attackers to make a logged in admin reset them via a CSRF attack

### POC

#### Reference
- https://wpscan.com/vulnerability/d9f28255-0026-4c42-9e67-d17b618c2285
- https://wpscan.com/vulnerability/d9f28255-0026-4c42-9e67-d17b618c2285

#### Github
No PoCs found on GitHub currently.