4 matches found
CVE-2021-24814
The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...
CVE-2022-0220
The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...
CVE-2022-0220
The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...
PT-2022-7141 · WordPress · Wordpress Gdpr Plugin
Name of the Vulnerable Software and Affected Versions: WordPress GDPR plugin versions prior to 1.9.27 Description: The issue concerns the check privacy settings AJAX action in the WordPress GDPR plugin, which is accessible to both unauthenticated and authenticated users. This action responds with...