CVE-2025-1666: CWE-862 Missing Authorization in cookiebot Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics
CVE-2025-1666 is a medium severity vulnerability in the Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics. The flaw arises from a missing authorization check in the send_uninstall_survey() function, allowing authenticated users with Subscriber-level access or higher to submit uninstall surveys on behalf of the website without proper permission. This vulnerability affects all versions up to and including 4.4.1. Although it does not impact confidentiality or availability, it allows unauthorized modification of data, specifically the submission of uninstall survey data. Exploitation requires authenticated access but no user interaction beyond that. There are no known exploits in the wild currently, and no patches have been linked yet. Organizations using this plugin should monitor for updates and restrict Subscriber-level permissions where possible to mitigate risk.
AI Analysis
Technical Summary
CVE-2025-1666 is a vulnerability classified under CWE-862 (Missing Authorization) found in the Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics. The issue stems from the send_uninstall_survey() function lacking a proper capability check, which means that any authenticated user with at least Subscriber-level privileges can invoke this function to submit uninstall survey data on behalf of the website. This unauthorized action could lead to manipulation or falsification of survey data collected by the plugin, potentially skewing analytics or feedback mechanisms. The vulnerability affects all versions up to and including 4.4.1 of the plugin. The CVSS v3.1 base score is 4.3, indicating a medium severity level, with an attack vector of network, low attack complexity, requiring privileges (authenticated users), no user interaction, and limited impact confined to integrity (no confidentiality or availability impact). There are no known public exploits or patches at the time of publication. The vulnerability is primarily a logic flaw in authorization controls within the plugin’s codebase, which could be exploited by low-privileged users to perform unauthorized actions that should be restricted to higher privilege roles or administrators.
Potential Impact
The primary impact of CVE-2025-1666 is unauthorized modification of uninstall survey data, which can affect the integrity of data collected by the Cookiebot CMP plugin. While this does not compromise sensitive user data or system availability, it can undermine trust in the accuracy of user feedback and analytics derived from uninstall surveys. For organizations relying on this data to inform privacy compliance or user experience improvements, the integrity loss could lead to misguided decisions. Additionally, if attackers manipulate uninstall surveys maliciously, it could be used to distort metrics or trigger unintended workflows based on survey results. Since exploitation requires authenticated access at Subscriber-level or above, the risk is limited to environments where such accounts exist and are accessible to potentially malicious insiders or compromised accounts. The vulnerability does not allow remote code execution, data exfiltration, or denial of service, thus limiting its overall impact severity.
Mitigation Recommendations
To mitigate this vulnerability, organizations should:
1) Immediately review and restrict Subscriber-level user accounts, ensuring only trusted users have such access.
2) Monitor plugin updates from Usercentrics and apply patches promptly once released.
3) Implement additional access control measures such as two-factor authentication and strong password policies to reduce the risk of account compromise.
4) Conduct code audits or apply custom patches to add proper capability checks in the send_uninstall_survey() function if feasible before official patches are available.
5) Monitor logs for unusual activity related to uninstall survey submissions to detect potential exploitation attempts.
6) Consider temporarily disabling or replacing the plugin if uninstall survey data integrity is critical and no patch is available.
7) Educate users with Subscriber-level access about the risks and encourage reporting of suspicious behavior.
These steps go beyond generic advice by focusing on privilege management, monitoring, and proactive code-level controls specific to this plugin’s vulnerability.
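The following sketch, added here as an illustration and not taken from the Cookiebot CMP plugin (whose source the page does not show), contrasts the CWE-862 pattern described in the technical analysis with the capability check recommended in step 4. It assumes the survey handler is exposed as an admin-ajax.php action, that the survey is forwarded with wp_remote_post(), and uses a placeholder survey URL and a hypothetical nonce name.

```php
<?php
// Hypothetical WordPress AJAX handler sketch; not the plugin's own code.
// Assumption: the handler is registered on a wp_ajax_* hook, which WordPress
// fires for every logged-in user regardless of role (Subscriber included).

// BEFORE (CWE-862, Missing Authorization): nothing checks who is calling, so
// any authenticated user can submit a survey "on behalf of the website".
function vulnerable_send_uninstall_survey() {
    $reason = sanitize_text_field( wp_unslash( $_POST['reason'] ?? '' ) );
    wp_remote_post( 'https://survey.example.invalid/uninstall', array( // placeholder URL
        'body' => array( 'reason' => $reason, 'site' => home_url() ),
    ) );
    wp_send_json_success();
}
// The vulnerable registration would look like this (left unregistered here):
// add_action( 'wp_ajax_send_uninstall_survey', 'vulnerable_send_uninstall_survey' );

// AFTER: gate the action on a capability that only plugin administrators hold
// ('activate_plugins' is a reasonable choice for an uninstall workflow), and
// require a nonce bound to this action so it cannot be triggered cross-site.
function hardened_send_uninstall_survey() {
    if ( ! current_user_can( 'activate_plugins' ) ) {
        // Fails closed for Subscriber, Contributor, Author and Editor roles.
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // Hypothetical nonce action name; dies with HTTP 403 if the nonce is missing or stale.
    check_ajax_referer( 'cmp_uninstall_survey', 'nonce' );

    $reason = sanitize_text_field( wp_unslash( $_POST['reason'] ?? '' ) );
    wp_remote_post( 'https://survey.example.invalid/uninstall', array( // placeholder URL
        'body' => array( 'reason' => $reason, 'site' => home_url() ),
    ) );
    wp_send_json_success();
}
add_action( 'wp_ajax_send_uninstall_survey', 'hardened_send_uninstall_survey' );
```

With the hardened handler in place, attempts by low-privileged accounts show up in the web server access log as HTTP 403 responses to admin-ajax.php requests carrying action=send_uninstall_survey, which gives step 5 a concrete signal to alert on.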
Affected Countries
United States, Germany, United Kingdom, France, Canada, Australia, Netherlands, Sweden, Japan, South Korea
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-02-24T21:14:10.275Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6b17b7ef31ef0b54e015
Added to database: 2/25/2026, 9:35:19 PM
Last enriched: 2/25/2026, 10:05:36 PM
Last updated: 2/26/2026, 7:24:00 AM