37 matches found
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)
Software WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Type Plugin Vulnerable versions = 3.2.0 Fixed in 3.3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-4869 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID...
CVE-2024-3599
The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...
CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...
CVE-2024-3599 WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) <= 3.0.2 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers to delete...
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 3.0.2 is vulnerable to Broken Access Control
Software WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Type Plugin Vulnerable versions = 3.0.2 Fixed in 3.1.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-3599 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID bea6dcba69bc...
WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) < 3.1.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Description The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers t...
YouTube's Ad Blocker Detection Believed to Break EU Privacy Law
A complaint filed with the EU’s independent data regulator accuses YouTube of failing to get explicit user permission for its ad blocker detection system, potentially violating the ePrivacy Directive...
CVE-2023-23678
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent for GDPR, CCPA & ePrivacy .This issue affects WP Cookie Consent for GDPR, CCPA & ePrivacy : from n/a through 2.2.5...
Input validation
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent for GDPR, CCPA & ePrivacy .This issue affects WP Cookie Consent for GDPR, CCPA & ePrivacy : from n/a through 2.2.5...
CVE-2023-23678 WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 2.2.5 is vulnerable to CSV Injection
Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent for GDPR, CCPA & ePrivacy .This issue affects WP Cookie Consent for GDPR, CCPA & ePrivacy : from n/a through 2.2.5...
CVE-2023-23678
CVE-2023-23678 affects the WordPress plugin WP Cookie Notice for GDPR/CCPA/ePrivacy (WP Cookie Consent). The issue is CSV Injection due to improper neutralization of formula elements in CSV files generated by the plugin up to version 2.2.5. A fix was released in 2.2.6. Remediation: upgrade to 2.2...
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 2.2.5 is vulnerable to CSV Injection
Software WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Type Plugin Vulnerable versions = 2.2.5 Fixed in 2.2.6 OWASP Top 10 A1: Injection Classification CSV Injection CVE CVE-2023-23678 Patch priority Low CVSS severity Low 4 Developer Claim ownership PSID 204630e00285 Credits Rio Darmawan...
TikTok Postpones Privacy Policy Update in Europe After Italy Warns of GDPR Breach
Popular video-sharing platform TikTok on Tuesday agreed to pause a controversial privacy policy update that could have allowed it to serve targeted ads based on users' activity on the social video platform without their permission to do so. The reversal, reported by TechCrunch, comes a day after...
New German Government is Pro-Encryption and Anti-Backdoors
I hope this is true: According to Jens Zimmermann, the German coalition negotiations had made it "quite clear" that the incoming government of the Social Democrats SPD, the Greens and the business-friendly liberal FDP would reject "the weakening of encryption, which is being attempted under the...
Onwards and Upwards: Our GDPR Journey and Looking Ahead
At Imperva, our world revolves around data security, data protection, and data privacy. From our newest recruits to the most seasoned members of the executive team, we believe that customer privacy is key. For the better part of the last two years, Imperva has laid the foundation for our complian...
This Week in Security News: HR and Heritage Hacks
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the details of 92 million accounts for MyHertitage were discovered on a private server outside of the company. Also, companies using service...
This Week in Security News: ePrivacy and Hack Back
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the Council of the European Union reviewed a bill dubbed the “ePrivacy” Regulation, which targets message-sharing services like WhatsApp and...