Lucene search
K
Really-simple-pluginsComplianz

7 matches found

CVE
CVE
added 2022/11/07 12:0 a.m.113 views

CVE-2022-3494

CVE-2022-3494 affects the Complianz WordPress plugin (pre-6.3.4) and the Complianz Premium plugin (pre-6.3.6), allowing SQL injection via unsanitized translations. Attacks can occur through infected translation files or by translator-role users using plugins like Loco Translate or WPML. Impact pe...

8.8CVSS8.8AI score0.01196EPSS
Web
CVE
CVE
added 2022/02/14 9:21 a.m.112 views

CVE-2022-0193

The CVE-2022-0193 issue affects the WordPress Complianz – GDPR/CCPA Cookie Consent plugin prior to version 6.0.0. The root cause is the plugin not escaping the s parameter before echoing it into an HTML attribute on an admin page, enabling Reflected Cross-Site Scripting. Public advisories (NVD, R...

6.1CVSS6AI score0.00876EPSS
Web
CVE
CVE
added 2023/03/27 3:37 p.m.103 views

CVE-2023-1069

The CVE-2023-1069 entry concerns the WordPress plug‑in Complianz (free and Premium) prior to version 6.4.2. The vulnerability arises from failing to validate and escape several shortcode attributes before echoing them in posts/pages where the shortcode is used, enabling a Stored XSS vector. Affec...

5.4CVSS5.2AI score0.00558EPSS
CVE
CVE
added 2024/03/02 6:46 a.m.95 views

CVE-2024-1592

CVE-2024-1592 affects the Complianz – GDPR/CCPA Cookie Consent plugin for WordPress (up to version 6.5.6). The root cause is missing/incorrect nonce validation in process_delete() of class-DNSMPD.php, enabling CSRF without authentication. This allows unauthenticated attackers to delete GDPR data ...

4.3CVSS5.2AI score0.00204EPSS
CVE
CVE
added 2023/11/30 1:54 p.m.51 views

CVE-2023-34030

CVE-2023-34030 is a Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz and Complianz Premium. Affected: Complianz up to 6.4.5 and Complianz Premium up to 6.4.7. Public sources (NVD/NVD-linked) list CVSSv3.1 base scores of 8.8 (HIGH) with network attack vector, no p...

8.8CVSS8.5AI score0.00338EPSS
CVE
CVE
added 2023/11/30 2:0 p.m.50 views

CVE-2023-33333

The CVE describes a CSRF vulnerability in Really Simple Plugins Complianz and Complianz Premium that can lead to Cross-Site Scripting (XSS). Affected versions are Complianz up to 6.4.4 and Complianz Premium up to 6.4.6.1. The CVSS data indicates high impact (I/H, C/H, A/H) with network attack vec...

8.8CVSS8.4AI score0.00311EPSS
CVE
CVE
added 2024/01/04 3:30 a.m.47 views

CVE-2023-6498

CVE-2023-6498 refers to a Stored Cross-Site Scripting vulnerability in the WordPress plugin Complianz – GDPR/CCPA Cookie Consent . The issue arises from insufficient input sanitization and output escaping in admin settings, enabling an authenticated attacker with administrator-level permissions t...

4.8CVSS4.9AI score0.00326EPSS