Lucene search
PRIOn knowledge basePRION:CVE-2024-1592HistoryMar 02, 2024 - 7:15 a.m.
Cross site request forgery (csrf)
2024-03-0207:15:00
PRIOn knowledge base
www.prio-n.com
5
cross-site request forgery
wordpress plugin
vulnerability
nonce validation
unauthenticated attackers
gdpr data requests
The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Related
wpvulndb
wpvulndb
cvelist
cvelist
CVE-2024-1592
2024-03-02 06:46:19
cve
cve
CVE-2024-1592
2024-03-02 07:15:46
nvd
nvd
CVE-2024-1592
2024-03-02 07:15:46
wordfence
wordfence