2 matches found
CVE-2020-36718
The CVE-2020-36718 entry concerns the WordPress GDPR CCPA Compliance Support plugin (versions up to 2.3). The vulnerability is PHP Object Injection via deserialization of untrusted input njt_gdpr_allow_permissions, exploitable by unauthenticated attackers. Connected sources confirm the issue as P...
CVE-2020-36718 GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njtgdprallowpermissions" value. This allows unauthenticated attackers to inject a PHP Object...