Lucene search
K

7 matches found

CVE
CVE
added 8 hours ago7 views

CVE-2026-11869

CVE-2026-11869 affects the WP DSGVO Tools (GDPR) WordPress plugin, prior to version 3.1.40. The root cause is a missing authorization check on the immediate-processing path of the data subject access request feature, enabling unauthenticated attackers to generate and download the full personal-da...

6AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/19 4:31 a.m.5 views

CVE-2026-10034

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an...

5.3CVSS6AI score0.00385EPSS
Exploits0References13
Cvelist
Cvelist
added 2026/06/19 4:31 a.m.32 views

CVE-2026-10034 WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpoint (process_now/is_ajax Parameters)

The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an...

5.3CVSS0.00385EPSS
Exploits0References12
CVE
CVE
added 2026/06/19 4:31 a.m.18 views

CVE-2026-10034

The CVE concerns the WordPress plugin WP DSGVO Tools (GDPR) with versions up to and including 3.1.39. The core issue is improper authorization verification on the subject-access-request (SAR) AJAX endpoints (process_now and is_ajax), enabling unauthenticated attackers to supply a victim email and...

5.3CVSS5.5AI score0.00385EPSS
Exploits0References12
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.14 views

PT-2026-50834

Name of the Vulnerable Software and Affected Versions WP DSGVO Tools GDPR versions prior to 3.1.40 Description An authorization bypass exists because the plugin fails to properly verify if a user is authorized to perform specific actions. Unauthenticated attackers can provide an arbitrary victim...

5.3CVSS6AI score0.00385EPSS
Exploits0References18
CVE
CVE
added 2023/11/08 9:50 p.m.82 views

CVE-2023-47114

CVE-2023-47114 affects Fides HTML-formatted Data Subject Request packages. Root cause: lack of input validation for data from connected systems/data stores, enabling HTML injection when a data subject opens the downloaded package (typically HTML files in ZIP) in a browser via file://. Existence o...

6.1CVSS5.4AI score0.00609EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/11/08 5:52 p.m.81 views

GHSA-3VPF-MCJ7-5H38 Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages

Impact The Fides web application allows data subject users to request access to their personal data. If the request is approved by the data controller user operating the Fides web application, the data subject's personal data can then retrieved from connected systems and data stores before being...

4.3CVSS5.5AI score0.00609EPSS
Exploits0References5
Rows per page
Query Builder