CVE-2019-15777

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settingsemail= XSS...

Vulnerability in WP DSGVO Tools (GDPR) Plugin Allows Unauthenticated Page Deletion

Note: To receive disclosures like this in your inbox the moment they’re published, you can subscribe to our WordPress Security Mailing List. On September 27, 2021, the Wordfence Threat Intelligence team initiated the disclosure process for a vulnerability we found in WP DSGVO Tools GDPR, a...

WordPress shapepress-dsgvo cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. shapepress-dsgvo is a plugin used to add the General Data Protection Regulation to websites. A cross-site scripting vulnerability exis...

CVE-2019-15777

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...

Cross site scripting

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...

CVE-2019-15777

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&adminemail= XSS...

CVE-2019-15777

CVE-2019-15777 affects the WordPress plugin shapepress-dsgvo (WP DSGVO Tools) prior to version 2.2.19. The vulnerability is an XSS in wp-admin/admin-ajax.php?action=admin-common-settings&admin_email=, caused by insufficient input validation. Impact is client-side code execution. Some sources desc...