CVE-2024-11069
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPressGDPRDataDelete::checkaction' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users...
CVE-2021-4358
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2024-10388
The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdprfirstname' and 'gdprlastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
PT-2022-7141 · WordPress · WordPress GDPR Plugin
Name of the Vulnerable Software and Affected Versions: WordPress GDPR plugin versions prior to 1.9.27
Description: The issue concerns the check privacy settings AJAX action in the WordPress GDPR plugin, which is accessible to both unauthenticated and authenticated users. This action responds with...