5 matches found
CVE-2026-0914
CVE-2026-0914 : WordPress plugin WP DSGVO Tools (GDPR) is vulnerable to stored XSS via the shortcode tag lw_content_block in versions up to and including 3.1.36. The issue arises from insufficient input sanitization and output escaping on user-supplied attributes, enabling an authenticated attack...
CVE-2026-0914 WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lwcontentblock' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-0914 WP DSGVO Tools (GDPR) <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lwcontentblock' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.36 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lw_content_block' Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'lwcontentblock' Shortcode vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin WP DSGVO Tools GDPR versions = 3.1.36...
PT-2026-4354
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw content block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...