Appsaloon: Security Vulnerabilities
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the plugin’s settings.
CVSS Score
7.3
EPSS Score
0.001
Published
2023-06-07
controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS.
CVSS Score
6.1
EPSS Score
0.006
Published
2020-08-31