7 matches found
CVE-2022-3494
CVE-2022-3494 affects the Complianz WordPress plugin (pre-6.3.4) and the Complianz Premium plugin (pre-6.3.6), allowing SQL injection via unsanitized translations. Attacks can occur through infected translation files or by translator-role users using plugins like Loco Translate or WPML. Impact pe...
CVE-2022-0193
The CVE-2022-0193 issue affects the WordPress Complianz – GDPR/CCPA Cookie Consent plugin prior to version 6.0.0. The root cause is the plugin not escaping the s parameter before echoing it into an HTML attribute on an admin page, enabling Reflected Cross-Site Scripting. Public advisories (NVD, R...
CVE-2023-1069
The CVE-2023-1069 entry concerns the WordPress plug‑in Complianz (free and Premium) prior to version 6.4.2. The vulnerability arises from failing to validate and escape several shortcode attributes before echoing them in posts/pages where the shortcode is used, enabling a Stored XSS vector. Affec...
CVE-2024-1592
CVE-2024-1592 affects the Complianz – GDPR/CCPA Cookie Consent plugin for WordPress (up to version 6.5.6). The root cause is missing/incorrect nonce validation in process_delete() of class-DNSMPD.php, enabling CSRF without authentication. This allows unauthenticated attackers to delete GDPR data ...
CVE-2023-34030
CVE-2023-34030 is a Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Complianz and Complianz Premium. Affected: Complianz up to 6.4.5 and Complianz Premium up to 6.4.7. Public sources (NVD/NVD-linked) list CVSSv3.1 base scores of 8.8 (HIGH) with network attack vector, no p...
CVE-2023-33333
The CVE describes a CSRF vulnerability in Really Simple Plugins Complianz and Complianz Premium that can lead to Cross-Site Scripting (XSS). Affected versions are Complianz up to 6.4.4 and Complianz Premium up to 6.4.6.1. The CVSS data indicates high impact (I/H, C/H, A/H) with network attack vec...
CVE-2023-6498
CVE-2023-6498 refers to a Stored Cross-Site Scripting vulnerability in the WordPress plugin Complianz – GDPR/CCPA Cookie Consent . The issue arises from insufficient input sanitization and output escaping in admin settings, enabling an authenticated attacker with administrator-level permissions t...