WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days 22 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -

The WP GDPR Compliance plugin allows unauthenticated users to execute any action and update any database value. This vulnerability is due to the lack of proper validation in the Includes/Ajax.php file.

