Critical bugs found in the WordPress plugin used by over 700,000 websites allow potential attackers to delete and change content and inject malicious JavaScript code due to improper access controls. The vulnerability rated as critical doesn’t yet have a CVE ID and it affects version 1.8.2 and earlier. The plugin is designed to allow site admins to display customizable header or footer cookie banners to show their website’s EU Cookie Law (GDPR) compliance. It is also among the top 100 most popular ones in the plugin repository.
Source: https://www.bleepingcomputer.com/news/security/wordpress-cookie-consent-plugin-fixes-critical-flaw-for-700k-users/