2 matches found
CVE-2024-11069
CVE-2024-11069 : WordPress GDPR plugin for WordPress allows unauthenticated deletion of arbitrary users due to a missing capability check in WordPress_GDPR_Data_Delete::check_action, affecting versions up to 2.0.2. Connected sources confirm the issue and indicate a patch/update path; Red Hat and ...
CVE-2024-10388
CVE-2024-10388 : WordPress GDPR plugin for WordPress suffers an unauthenticated Stored XSS via the gdpr_firstname/gdpr_lastname parameters in all versions up to 2.0.2. Root cause: insufficient input sanitization and output escaping. Impact: arbitrary scripts can execute when users view injected p...