Open marcialwushu opened 5 years ago
CVE-2018-19207 | Learn more at National Vulnerability Database (NVD)• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information |
---|
The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Blocked for WP GDPR Compliance <= 1.4.2 - Update Any Option / Call Any Action in POST body: action=wpgdprc_process_action
Update an option:
Affects Plugin
wp-gdpr-compliance fixed in version 1.4.3
References
Classification
Miscellaneous
WPVULNDB