24 matches found
WordPress DSGVO Google Web Fonts GDPR plugin <= 1.1 - Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability
Unauthenticated Arbitrary File Upload via 'fonturl' Parameter vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin DSGVO Google Web Fonts GDPR versions <= 1.1...
EUVD-2020-13413
Malware in sbrugna...
EUVD-2024-33416
Malicious code in bioql PyPI...
EUVD-2025-6545
Malicious code in bioql PyPI...
WordPress tarteaucitron.io plugin < 1.9.5 - Contributor+ Stored XSS vulnerability
Contributor+ Stored XSS vulnerability discovered by Pierre Rudloff in WordPress Plugin tarteaucitron.js – Cookies legislation & GDPR versions < 1.9.5...
CVE-2024-11069
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPressGDPRDataDelete::checkaction' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users...
CVE-2021-4358
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...
CVE-2021-4348
The Ultimate GDPR & CCPA plugin for WordPress is vulnerable to unauthenticated settings import and export via the exportsettings & importsettings functions in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to change plugin settings and conduct attacks suc...
CVE-2020-36697
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings...
CVE-2024-10388
The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdprfirstname' and 'gdprlastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers t...
CVE-2024-10388
CVE-2024-10388 : WordPress GDPR plugin for WordPress suffers an unauthenticated Stored XSS via the gdpr_firstname/gdpr_lastname parameters in all versions up to 2.0.2. Root cause: insufficient input sanitization and output escaping. Impact: arbitrary scripts can execute when users view injected p...
CVE-2020-36697 WP GDPR <= 2.1.1 - Missing Authorization Checks
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings...
PT-2023-11839 · WordPress · Wp Gdpr
Name of the Vulnerable Software and Affected Versions: WP GDPR plugin for WordPress versions up to, and including, 2.1.1 Description: The issue is related to authorization bypass due to a missing capability check. This allows unauthenticated attackers to delete any comment and modify the plugin's...
CVE-2022-0220
The checkprivacysettings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web...
PT-2022-7141 · WordPress · Wordpress Gdpr Plugin
Name of the Vulnerable Software and Affected Versions: WordPress GDPR plugin versions prior to 1.9.27 Description: The issue concerns the check privacy settings AJAX action in the WordPress GDPR plugin, which is accessible to both unauthenticated and authenticated users. This action responds with...
WordPress Cross-Site Scripting Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A cross-site scripting vulnerability exists in the Cookies legislation & GDPR plugin for WordPress, which...
WordPress Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the Cookies legislation & GDPR plugin for WordPress, which stems from the...