CVE-2026-0914
- EPSS 0.01%
- Veröffentlicht 23.01.2026 12:26:59
- Zuletzt bearbeitet 26.01.2026 15:03:51
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user ...
CVE-2024-3201
- EPSS 0.31%
- Veröffentlicht 23.05.2024 02:15:08
- Zuletzt bearbeitet 21.11.2024 09:29:08
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pp_link' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied ...
CVE-2021-4358
- EPSS 1.01%
- Veröffentlicht 07.06.2023 02:15:14
- Zuletzt bearbeitet 21.11.2024 06:37:29
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unaut...
CVE-2021-42359
- EPSS 20.07%
- Veröffentlicht 05.11.2021 21:15:09
- Zuletzt bearbeitet 21.11.2024 06:27:39
WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As s...