Lucene search

[email protected]NVD:CVE-2020-36718

HistoryJun 07, 2023 - 2:15 a.m.

CVE-2020-36718

2023-06-0702:15:12

CWE-502

[email protected]

web.nvd.nist.gov

gdpr compliance

ccpa compliance

wordpress

php object injection

unauthenticated attackers

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input “njt_gdpr_allow_permissions” value. This allows unauthenticated attackers to inject a PHP Object.

Affected configurations

NVD

Node

ninjateamgpdr_ccpa_compliance_supportRange≤2.3wordpress

References

blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/

plugins.trac.wordpress.org/changeset/2408938

plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance

wordpress.org/plugins/ninja-gdpr-compliance/#developers

wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395

www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.8 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.4%

JSON

Related for NVD:CVE-2020-36718

cvelist1 prion1 cve1