6 matches found
EUVD-2020-13413
Malware in sbrugna...
CVE-2020-36697
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings...
CVE-2020-36697 WP GDPR <= 2.1.1 - Missing Authorization Checks
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings...
CVE-2020-20628
controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS...
Cross site scripting
controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS...
CVE-2020-20628
The CVE-2020-20628 entry concerns the WP GDPR plugin up to version 2.1.1, where controller/controller-comments.php is vulnerable to unauthenticated stored XSS. This is the concrete issue described in NVD/NVD-derived entries. Impact, as stated, is user-controlled script execution due to stored XSS...