1 results (0.038 seconds)
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1
CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 1CVE-2020-36718 – GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
https://notcve.org/view.php?id=CVE-2020-36718
03 Nov 2020 — The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object. • https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability • CWE-502: Deserialization of Untrusted Data •