Lucene search
K

5 matches found

CVE
CVE
added 2026/01/23 12:26 p.m.23 views

CVE-2026-0914

CVE-2026-0914 : WordPress plugin WP DSGVO Tools (GDPR) is vulnerable to stored XSS via the shortcode tag lw_content_block in versions up to and including 3.1.36. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attack...

6.4CVSS5.8AI score0.0025EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/23 12:26 p.m.5 views

CVE-2026-0914 WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lwcontentblock' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.0025EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/23 12:26 p.m.38 views

CVE-2026-0914 WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lwcontentblock' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.0025EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/23 7:57 a.m.7 views

WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'lwcontentblock' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.36...

6.4CVSS5.4AI score0.0025EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/23 12:0 a.m.7 views

PT-2026-4354

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw content block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.8AI score0.0025EPSS
Exploits0References4
Rows per page
Query Builder