WordPress Cookie Information/Free GDPR Consent Solution <2.0.8 - Cross-Site Scripting

WordPress Cookie Information/Free GDPR Consent Solution plugin prior to 2.0.8 contains a cross-site scripting vulnerability via the admin dashboard. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to...

WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option

The WP GDPR Compliance plugin allows unauthenticated users to execute any action and update any database value. This vulnerability is due to the lack of proper validation in the Includes/Ajax.php file. id: CVE-2018-19207 info: name: WP GDPR Compliance 1.4.3 - Unauthenticated Call Any Action or...

EUVD-2024-31394

Malicious code in bioql PyPI...

CVE-2024-33682

Cross-Site Request Forgery CSRF vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23...

CVE-2024-33682

Cross-Site Request Forgery CSRF vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23...

CVE-2024-33682

Technical details for CVE-2024-33682 are not provided in the connected documents. Information such as affected versions, exploit vectors, impact, or fixes is not publicly disclosed here. Monitor for updates from official advisories and trusted vulnerability databases.

WordPress WP GDPR Compliance Plugin <= 2.0.22 is vulnerable to Broken Access Control

Software WP GDPR Compliance Type Plugin Vulnerable versions = 2.0.22 Fixed in 2.0.23 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-6700 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 6a981b3b2d5a Credits Lucio Sá Required...

CVE-2018-19207

The CVE-2018-19207 entry concerns the WordPress WP GDPR Compliance plugin (before 1.4.3). The vulnerability stems from improper handling of input to WordPress database operations (notably $wpdb-&gt;prepare()), enabling remote attackers to execute arbitrary code. Multiple sources (NVD, Nuclei temp...