11 matches found
WordPress WP DSGVO Tools (GDPR) plugin <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability
Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users vulnerability discovered by shark3y in WordPress Plugin WP DSGVO Tools GDPR versions <= 3.1.38...
CVE-2026-4283
The WP DSGVO Tools (GDPR) WordPress plugin (versions up to 3.1.38) is affected by an unauthorized account destruction flaw via the super-unsubscribe AJAX action. Unauthenticated users can submit a victim email with process_now=1, bypassing the email-confirmation flow and triggering irreversible a...
CVE-2026-4283
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a process_now parameter from unauthenticated users, which bypasses the intended email-confirmation...
CVE-2026-4283 WP DSGVO Tools (GDPR) <= 3.1.38 - Missing Authorization to Unauthenticated Account Destruction of Non-Admin Users
The WP DSGVO Tools GDPR plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the super-unsubscribe AJAX action accepting a process_now parameter from unauthenticated users, which bypasses the intended email-confirmation...
WordPress Ditty plugin <= 3.1.38 - Authenticated (Contributor+) PHP Object Injection vulnerability
Authenticated (Contributor+) PHP Object Injection vulnerability discovered by Trinh Vu Sonicrrrr in WordPress Plugin Ditty versions <= 3.1.38...
CVE-2024-22129
SAP Companion - version 3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application...
Design/Logic Flaw
SAP Companion - version 3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application...
IIoT Monitor Dangerous Type File Upload Vulnerability
Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric France. A security vulnerability exists in Schneider Electric IIoT Monitor version 3.1.38. The vulnerability can be exploited by an attacker to upload and execute malicious files...
IIoT Monitor Path Traversal Vulnerability
Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric France. A path traversal vulnerability exists in Schneider Electric IIoT Monitor version 3.1.38. An attacker could exploit this vulnerability to access files that are accessible to the system user...
IIoT Monitor XML External Entity Injection Vulnerability
Schneider Electric IIoT Monitor is an industrial IoT monitor from Schneider Electric France. An XML external entity injection vulnerability exists in Schneider Electric IIoT Monitor version 3.1.38. An attacker could exploit this vulnerability to obtain restricted information...
CVE-2018-7835
An Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability exists in IIoT Monitor 3.1.38 which could allow access to files available to SYSTEM user...