Welaunch Wordpress Gdpr Ccpa vulnerabilities
2 known vulnerabilities affecting welaunch/wordpress_gdpr_ccpa.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2022-0220P3MEDIUMCVSS 6.1PoC≤ 1.9.262022-02-01
CVE-2022-0220 [MEDIUM] CWE-116 CVE-2022-0220: The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, availab
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be exe
nvd
CVE-2021-24814P3CRITICALCVSS 9.6≤ 1.9.262022-02-01
CVE-2021-24814 [CRITICAL] CWE-79 CVE-2021-24814: The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, availab
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type. Since an HTML payload isn't properly escaped, it may be interpreted by a web browser led to this endpoint. Javascript code may be
nvd