WP GDPR <= 2.1.1 - Multiple Unauthenticated Issues



Description
The plugin is affected by multiple issues, and has been closed from WP repo:
- Unauthenticated Stored XSS
- Unauthenticated Content spoofing
- Unauthenticated Arbitrary comment deletion
- Unauthenticated plugin's settings update

Affects Plugin

no known fix
- plugin closed

References

URL https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/

Classification

Type MULTI

Miscellaneous

Original Researcher Jerome Bruandet (nintechnet.com)
Views 1343
Verified No
WPVDB ID 10185

Timeline

Publicly Published 2020-04-23 (about 1 month ago)
Added 2020-04-23 (about 1 month ago)
Last Updated 2020-04-24 (about 1 month ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin