Lucene search
+L

12 matches found

redhatcve
redhatcve
added 2025/05/23 6:39 a.m.8 views

CVE-2024-11069

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPressGDPRDataDelete::checkaction' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users...

9.1CVSS6.8AI score0.00427EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2025/04/01 2:51 p.m.4 views

CVE-2025-31765 WordPress GDPR Cookie Notice plugin <= 1.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in themeqx GDPR Cookie Notice gdpr-cookie-notice allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR Cookie Notice: from n/a through = 1.2.0...

5.3CVSS8.6AI score0.00421EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/02/06 4:23 a.m.9 views

CVE-2021-4358

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

7.2CVSS6AI score0.00786EPSS
Exploits1References1
redhatcve
redhatcve
added 2025/02/05 4:57 a.m.9 views

CVE-2024-10388

The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdprfirstname' and 'gdprlastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...

7.2CVSS6.1AI score0.003EPSS
Exploits0References1
osv
osv
added 2024/11/19 8:15 a.m.4 views

CVE-2024-11069

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPressGDPRDataDelete::checkaction' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users...

9.1CVSS7.4AI score0.00427EPSS
Exploits0References2
patchstack
patchstack
added 2024/11/18 12:0 a.m.11 views

WordPress WordPress GDPR & CCPA Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress GDPR & CCPA Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10388 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 255755def3df Credits István Márt...

7.2CVSS5.6AI score0.003EPSS
Exploits0References2Affected Software1
patchstack
patchstack
added 2024/11/18 12:0 a.m.12 views

WordPress WordPress GDPR & CCPA Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software WordPress GDPR & CCPA Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-11069 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b71de0a7a1a1 Credits István Márton...

9.1CVSS6.5AI score0.00427EPSS
Exploits0References2Affected Software1
attackerkb
attackerkb
added 2022/02/01 1:15 p.m.8 views

CVE-2022-0220

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

6.1CVSS6.3AI score0.02329EPSS
Exploits2References3
osv
osv
added 2022/02/01 1:15 p.m.5 views

CVE-2021-24814

The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...

9.6CVSS5.8AI score0.02085EPSS
Exploits2References1
ptsecurity
ptsecurity
added 2022/01/26 12:0 a.m.8 views

PT-2022-7141 · WordPress · Wordpress Gdpr Plugin

Name of the Vulnerable Software and Affected Versions: WordPress GDPR plugin versions prior to 1.9.27 Description: The issue concerns the check privacy settings AJAX action in the WordPress GDPR plugin, which is accessible to both unauthenticated and authenticated users. This action responds with...

6.4CVSS6.3AI score0.02329EPSS
Exploits2References4
osv
osv
added 2021/11/05 9:15 p.m.4 views

CVE-2021-42359

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...

9.1CVSS5.7AI score0.0393EPSS
Exploits1References1
symantec
symantec
added 2019/12/27 12:0 a.m.17 views

WordPress GDPR Cookie Compliance Plugin Multiple Security Vulnerabilities

Description The GDPR Cookie Compliance plugin for WordPress is prone to an unauthorized-access and a cross-site request-forgery vulnerability. An attacker can exploit these issues to perform certain unauthorized actions and gain unauthorized access. This may lead to further attacks. GDPR Cookie...

0.7AI score
Exploits0References3Affected Software1
Rows per page
Query Builder