EUVD-2025-9017

Malicious code in bioql PyPI...

PT-2025-33539 · WordPress · User Profile Builder

Name of the Vulnerable Software and Affected Versions: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress versions through 3.14.3 Description: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Edito...

Data Breach Reporting for regulatory requirements with Microsoft Data Security Investigations​​

Seventy-four percent of organizations surveyed experienced at least one data security incident with their business data exposed in the previous year as reported in Microsoft’s Data Security Index: Trends, insights, and strategies to secure data report. Despite the best people, process and...

WordPress plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

Noyb Threatens Meta with Lawsuit for Violating GDPR to Train AI on E.U. User Data From May 27

Austrian privacy non-profit noyb none of your business has sent Meta's Irish headquarters a cease-and-desist letter, threatening the company with a class action lawsuit if it proceeds with its plans to train users' data for training its artificial intelligence AI models without an explicit opt-in...

CVE-2025-31689

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

GHSA-JV6R-MJ9P-9XFF Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

Drupal General Data Protection Regulation Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery. This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

CVE-2025-31689

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

CVE-2025-31689 General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

CVE-2025-31689

The CVE-2025-31689 entry concerns the Drupal General Data Protection Regulation (GDPR) module. A CSRF vulnerability affects versions 0.0.0 through 3.0.1 and 3.1.0 through 3.1.2. The issue is mitigated by upgrading to 3.0.1+ or 3.1.2+ (per connected sources). No exploit details are provided beyond...

CVE-2025-31689 General Data Protection Regulation - Moderately critical - Cross Site Request Forgery - SA-CONTRIB-2025-018

Cross-Site Request Forgery CSRF vulnerability in Drupal General Data Protection Regulation allows Cross Site Request Forgery.This issue affects General Data Protection Regulation: from 0.0.0 before 3.0.1, from 3.1.0 before 3.1.2...

WordPress plugin GDPR Cookie Compliance 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

Drupal General Data Protection Regulation module < 3.0.1,3.1.0-3.1.1 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability

Unauthenticated Cross Site Request Forgery CSRF vulnerability discovered by Pierre Rudloff prudloff in WordPress Module General Data Protection Regulation versions 3.0.1,3.1.0-3.1.1...

CVE-2025-24591

Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1...

WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Ngô Thái An in WordPress Plugin GDPR CCPA Compliance Support versions = 2.7.1...

European Privacy Group Sues TikTok and AliExpress for Illicit Data Transfers to China

Austrian privacy non-profit None of Your Business noyb has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users' data to China. The advocacy group is seeking an...

PT-2025-4909 · Unknown · Sprucejoy Cookie Consent & Autoblock For Gdpr/Ccpa

Name of the Vulnerable Software and Affected Versions: SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA versions 1.0.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended...

PT-2024-39406 · WordPress · Gdpr-Extensions-Com – Consent Manager

Name of the Vulnerable Software and Affected Versions: GDPR-Extensions-com – Consent Manager plugin for WordPress versions up to, and including, 1.0.0 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping...

WordPress WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header vulnerability

Unauthenticated Stored Cross-Site Scripting via Client-IP header vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions = 3.2.0...