Dsgvo-For-Wp: >> Dsgvo All In One For Wp >> 4.2 Security Vulnerabilities
The DSGVO All in one for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6. This is due to missing or incorrect nonce validation in the user_remove_form.php file. This makes it possible for unauthenticated attackers to delete admin user accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-02-04
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Leithold DSGVO All in one for WP allows Stored XSS.This issue affects DSGVO All in one for WP: from n/a through 4.5.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-08-29
Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP.This issue affects DSGVO All in one for WP: from n/a through 4.3.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-04-11