Lucene search
WpvulndbWPVDB-ID:F4DB34E5-CEC2-4B7A-A33F-11F863974978HistoryFeb 05, 2024 - 12:00 a.m.
GDPR Data Request Form < 1.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
2024-02-0500:00:00
wpscan.com
1
gdpr
data request
wordpress
vulnerable
stored xss
input sanitization
output escaping
authenticated
contributor+.
Description The GDPR Data Request Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form_id parameter in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Related
cvelist
cvelist
vulnrichment
vulnrichment
nvd
nvd
CVE-2024-24836
2024-02-08 13:15:09
prion
prion
Cross site scripting
2024-02-08 13:15:00
cve
cve
CVE-2024-24836
2024-02-08 13:15:09
wordfence
wordfence
AI Score
6
Confidence
High
EPSS
0
Percentile
14.0%
Related for WPVDB-ID:F4DB34E5-CEC2-4B7A-A33F-11F863974978