CVE-2026-4304
WeePie · Cookie Allow
The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL injection via the 'consent' parameter, posing a risk to database security.
Executive summary
The WeePie Cookie Allow plugin contains a high-severity SQL injection vulnerability that could allow unauthorized database access and data manipulation.
Vulnerability
This vulnerability is an SQL injection flaw triggered via the 'consent' parameter. By supplying crafted input, an attacker can execute arbitrary SQL commands against the WordPress database.
Business impact
A CVSS score of 7.5 highlights the potential for significant impact, including the compromise of sensitive user consent data and broader database exposure. This poses a compliance risk and a direct threat to the security posture of the affected WordPress site.
Remediation
Immediate Action: Update the WeePie Cookie Allow plugin to the latest version as soon as the vendor releases a patch.
Proactive Monitoring: Regularly review application and database error logs for signs of injection attempts or unusual query execution patterns.
Compensating Controls: Implement WAF rules specifically configured to sanitize or block input to the 'consent' parameter to mitigate the risk until a patch is applied.
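As a sketch of the log review and input-blocking steps above, this added example (not vendor or plugin code) scans web access logs for requests whose 'consent' value falls outside a strict allowlist. It assumes the parameter appears in the URL query string of a combined-format access log and that legitimate values are short alphanumeric tokens; the function name, allowlist pattern and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: a well-formed consent value is a short token of letters, digits
# and a few separators. Tune this allowlist to what your site actually sends.
SAFE_CONSENT = re.compile(r"[A-Za-z0-9_,.:\-]{0,64}")

# Combined log format: ip - user [time] "METHOD target PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def suspicious_consent_requests(lines):
    """Return (ip, time, status, value) for each request whose 'consent'
    query parameter falls outside the allowlist."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        query = urlsplit(m["target"]).query
        # parse_qsl percent-decodes values, so encoded characters are checked too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "consent" and not SAFE_CONSENT.fullmatch(value):
                hits.append((m["ip"], m["time"], int(m["status"]), value))
    return hits

# Constructed sample lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2026:10:00:00 +0000] '
    '"GET /?consent=functional,analytics HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] '
    '"GET /?consent=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2026:10:00:06 +0000] '
    '"GET /?page=2 HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, when, status, value in suspicious_consent_requests(SAMPLE_LOG):
        print(f"{when} {ip} status={status} consent={value!r}")
```

The same allowlist expresses the compensating control: a WAF rule that rejects any 'consent' value not matching the pattern blocks malformed input without needing to enumerate SQL keywords.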
Exploitation status
Public Exploit Available: false
Analyst recommendation
Immediate remediation is essential to prevent unauthorized access to the database. Given the nature of the vulnerability, prompt updates are the most effective way to eliminate this security risk.