Lucene search
PRIOn knowledge basePRION:CVE-2020-36718HistoryJun 07, 2023 - 2:15 a.m.
Deserialization of untrusted data
2023-06-0702:15:00
PRIOn knowledge base
www.prio-n.com
3
wordpress
gdpr
ccpa
plugin
vulnerability
php object injection
untrusted deserialization
nvd
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input “njt_gdpr_allow_permissions” value. This allows unauthenticated attackers to inject a PHP Object.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gpdr_ccpa_compliance_support | le | 2.3 |
References
blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/
plugins.trac.wordpress.org/changeset/2408938
plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance
wordpress.org/plugins/ninja-gdpr-compliance/
wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395
www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve
Related
cvelist
cvelist
CVE-2020-36718
2023-06-07 01:51:35
nvd
nvd
CVE-2020-36718
2023-06-07 02:15:12
cve
cve
CVE-2020-36718
2023-06-07 02:15:12