CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-34388 – WordPress GDPR Compliance plugin <= 1.2.5 - Sensitive Data Exposure vulnerability
https://notcve.org/view.php?id=CVE-2024-34388
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Scribit GDPR Compliance.This issue affects GDPR Compliance: from n/a through 1.2.5. Exposición de información confidencial a una vulnerabilidad de actor no autorizado en el cumplimiento del RGPD de Scribit. Este problema afecta el cumplimiento del RGPD: desde n/a hasta 1.2.5. The GDPR Compliance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/gdpr-compliance/wordpress-gdpr-compliance-plugin-1-2-5-sensitive-data-exposure-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33682 – WordPress WP GDPR Compliance plugin <= 2.0.23 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-33682
Cross-Site Request Forgery (CSRF) vulnerability in Cookie Information A/S WP GDPR Compliance.This issue affects WP GDPR Compliance: from n/a through 2.0.23. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Cookie Information A/S WP GDPR Compliance. Este problema afecta el cumplimiento de WP GDPR: desde n/a hasta 2.0.23. The WP GDPR Compliance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.23. This is due to missing or incorrect nonce validation on a function. • https://patchstack.com/database/vulnerability/wp-gdpr-compliance/wordpress-wp-gdpr-compliance-plugin-2-0-23-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •