Legalweb Wp Dsgvo Tools vulnerabilities
6 known vulnerabilities affecting legalweb/wp_dsgvo_tools.
Total CVEs: 6
CISA KEV: 0
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 2, MEDIUM 4
Vulnerabilities
CVE-2021-42359 [CRITICAL] CWE-284 | P1 | CVSS 9.1 | Exploited | PoC | ≤ 3.1.23 | ≥ 3.1.23, ≤ 3.1.23 | 2021-11-05
WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by
nvd
CVE-2021-4358 [MEDIUM] CWE-79 | P1 | CVSS 6.1 | Exploited | fixed in 3.1.24 | 2023-06-07
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses
nvd
CVE-2026-4283 [CRITICAL] CWE-862 | P3 | CVSS 9.1 | ≤ 3.1.38 | 2026-03-24
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to the `super-unsubscribe` AJAX action accepting a `process_now` parameter from unauthenticated users, which bypasses the intended email-confirmation flow and immediately triggers irreversible acco
nvd
CVE-2026-10034 [MEDIUM] CWE-862 | P3 | CVSS 5.3 | ≤ 3.1.39 | 2026-06-19
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an arbitrary victim email address and trigger immediate SAR
nvd
CVE-2026-0914 [MEDIUM] CWE-79 | P4 | CVSS 6.4 | ≤ 3.1.36 | 2026-01-23
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lw_content_block' shortcode in all versions up to, and including, 3.1.36 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access an
nvd
CVE-2024-3201 [MEDIUM] CWE-79 | P4 | CVSS 6.4 | ≤ 3.1.32 | 2024-05-23
The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pp_link' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above,
nvd