5 matches found
CVE-2024-13621
The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13621 The GDPR Framework By Data443 < 2.2.0 - Admin+ Stored XSS
The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13621 The GDPR Framework By Data443 < 2.2.0 - Admin+ Stored XSS
The GDPR Framework By Data443 WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-13621
CVE-2024-13621 affects the WordPress plugin “The GDPR Framework By Data443” (versions prior to 2.2.0). The issue is insufficient sanitization and escaping of certain settings, which could permit stored XSS by high-privilege users (e.g., admins) even when unfiltered_html is disallowed (such as in ...
PT-2025-21461 · WordPress · The Gdpr Framework By Data443
Name of the Vulnerable Software and Affected Versions: The GDPR Framework By Data443 WordPress plugin versions prior to 2.2.0 Description: The issue concerns the lack of sanitization and escaping of certain settings in the plugin, which could allow high-privilege users, such as admins, to perform...