PT-2025-49928

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Humanityco Cookie Notice & Compliance for GDPR / CCPA cookie-notice allows Stored XSS.This issue affects Cookie Notice & Compliance for GDPR / CCPA: from n/a through = 2.5.8...

EUVD-2020-24160

Malware in sbrugna...

EUVD-2023-28456

Malicious code in bioql PyPI...

EUVD-2021-34175

Malicious code in bioql PyPI...

CVE-2025-48260

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.3...

CVE-2020-36718

The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njtgdprallowpermissions" value. This allows unauthenticated attackers to inject a PHP Object...

CVE-2025-24591

Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support ninja-gdpr-compliance allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GDPR CCPA Compliance Support: from n/a through = 2.7.1...

WordPress WordPress GDPR & CCPA Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software WordPress GDPR & CCPA Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-10388 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 255755def3df Credits István Márt...

WordPress WordPress GDPR & CCPA Plugin <= 2.0.2 is vulnerable to Broken Access Control

Software WordPress GDPR & CCPA Type Plugin Vulnerable versions = 2.0.2 Fixed in 2.0.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-11069 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b71de0a7a1a1 Credits István Márton...

CVE-2022-3399 Cookie Notice & Compliance for GDPR / CCPA <= 2.4.17.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The Cookie Notice & Compliance for GDPR / CCPA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cookienoticeoptionsrefusecodehead' parameter in versions up to, and including, 2.4.17.1 due to insufficient input sanitization and output escaping. This makes it possible for...

WordPress Complianz – GDPR/CCPA Cookie Consent Plugin <= 6.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz – GDPR/CCPA Cookie Consent Type Plugin Vulnerable versions = 6.4.4 Fixed in 6.4.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-33333 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID ea0e87e5f771 Credit...

WordPress Complianz – GDPR/CCPA Cookie Consent Plugin <= 6.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Complianz – GDPR/CCPA Cookie Consent Type Plugin Vulnerable versions = 6.4.5 Fixed in 6.4.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-34030 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a135bb16d42c Credit...

CVE-2020-36718 GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection

The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njtgdprallowpermissions" value. This allows unauthenticated attackers to inject a PHP Object...

Cookie Notice & Compliance for GDPR / CCPA < 2.4.7 - Contributor+ XSS

The plugin does not validate and escape some of its cookiesrevoke shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVE-2022-3811

The EU Cookie Law for GDPR/CCPA WordPress plugin through 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setu...

WordPress Complianz - GDPR/CCPA Cookie Consent Premium Plugin < 6.3.6 SQLi Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Complianz - GDPR/CCPA Cookie Consent Plugin < 6.3.4 SQLi Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Complianz plugin 6.3.3 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Sakri Rafael Koskimies saggre in the WordPress Complianz plugin versions 6.3.3. Solution Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version at least 6.3.4...

WordPress Complianz - GDPR/CCPA Cookie Consent Plugin < 6.0.0 XSS Vulnerability

The WordPress plugin Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

WordPress Complianz – GDPR/CCPA Cookie Consent plugin <= 5.5.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Complianz – GDPR/CCPA Cookie Consent plugin versions = 5.5.2. Solution Update the WordPress Complianz – GDPR/CCPA Cookie Consent plugin to the latest available version at least 6.0.0...