WordPress Protección de datos – RGPD plugin <= 0.68 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Protección de datos RGPD versions = 0.68...

Cross site scripting

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ClickDatos Protección de Datos RGPD plugin = 3.1.0 versions...

Protección de Datos RGPD <= 3.1.0 - Reflected XSS

Description The plugin does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-46071

CVE-2023-46071 corresponds to an unauthenticated reflected XSS in the WordPress plugin Protección de Datos RGPD (ClickDatos) &lt;= 3.1.0. Root cause is reflected XSS in the plugin; impact per sources is limited to confidentiality/integrity with low severity in NVD metrics (UI interaction required...

CVE-2023-46071 WordPress Protección de Datos RGPD Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ClickDatos Protección de Datos RGPD plugin = 3.1.0 versions...

CVE-2023-46071 WordPress Protección de Datos RGPD Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting XSS vulnerability in ClickDatos Protección de Datos RGPD plugin = 3.1.0 versions...

WordPress Protección de Datos RGPD Plugin <= 3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software Protección de Datos RGPD Type Plugin Vulnerable versions = 3.1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46071 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b0cb868b9a1f Credits LEE SE...

Cross site scripting in ameos_tarteaucitron

The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...

Cross site scripting in ameos_tarteaucitron

The ameostarteaucitron aka AMEOS - TarteAuCitron GDPR cookie banner and tracking management / French RGPD compatible extension before 1.2.23 for TYPO3 allows XSS...

Adapta RGPD < 1.3.3 - Unauthorised Consent via CSRF

The acceptcookieconsent AJAX action did not properly check for CSRF, allowing attackers to make users consent via a CSRF attack. PoC https://example.com/wp-admin/admin-ajax.php?action=acceptcookieconsent...

Adapta RGPD < 1.3.3 - Unauthorised Consent via CSRF

The acceptcookieconsent AJAX action did not properly check for CSRF, allowing attackers to make users consent via a CSRF attack. https://example.com/wp-admin/admin-ajax.php?action=acceptcookieconsent...

WordPress Adapta RGPD plugin <= 1.3.2 - Unauthorised Consent via Cross-Site Request Forger (CSRF) vulnerability

Unauthorised Consent via Cross-Site Request Forger CSRF vulnerability discovered by WPSanTeam in WordPress Adapta RGPD plugin versions = 1.3.2. Solution Update the WordPress Adapta RGPD plugin to the latest available version at least 1.3.3...