WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting

WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option

The WP GDPR Compliance plugin allows unauthenticated users to execute any action and update any database value. This vulnerability is due to the lack of proper validation in the Includes/Ajax.php file. id: CVE-2018-19207 info: name: WP GDPR Compliance 1.4.3 - Unauthenticated Call Any Action or...

EUVD-2020-13413

Malware in sbrugna...

EUVD-2024-31394

Malicious code in bioql PyPI...

CVE-2024-33682

Cross-Site Request Forgery CSRF vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23...

CVE-2020-36697

The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings...

CVE-2024-33682

Cross-Site Request Forgery CSRF vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23...

CVE-2024-33682

Technical details for CVE-2024-33682 are not provided in the connected documents. Information such as affected versions, exploit vectors, impact, or fixes is not publicly disclosed here. Monitor for updates from official advisories and trusted vulnerability databases.

WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control

Software WP GDPR Compliance Type Plugin Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6700 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6a981b3b2d5a Credits Lucio Sá Required...

CVE-2020-36697

CVE-2020-36697 affects the WP GDPR plugin for WordPress, with vulnerability in versions up to 2.1.1 due to a missing capability check that enables authorization bypass. This allows unauthenticated attackers to delete comments and modify plugin settings. Remediation: upgrade to a version higher th...

CVE-2020-36697 WP GDPR <= 2.1.1 - Missing Authorization Checks

The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings...

CVE-2020-20628

controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS...

Cross site scripting

controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS...

CVE-2020-20628

The CVE-2020-20628 entry concerns the WP GDPR plugin up to version 2.1.1, where controller/controller-comments.php is vulnerable to unauthenticated stored XSS. This is the concrete issue described in NVD/NVD-derived entries. Impact, as stated, is user-controlled script execution due to stored XSS...

CVE-2018-19207

The CVE-2018-19207 entry concerns the WordPress WP GDPR Compliance plugin (before 1.4.3). The vulnerability stems from improper handling of input to WordPress database operations (notably $wpdb-&gt;prepare()), enabling remote attackers to execute arbitrary code. Multiple sources (NVD, Nuclei temp...