Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-4358: WordPress WP DSGVO Tools (GDPR) plugin patched severe vulnerability actively exploited in the wild.

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an unknown parameter in versions up to, and including, 3.1.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE
Open in Source
#xss#vulnerability#web#wordpress#auth

The WordPress WP DSGVO Tools (GDPR), which has 30,000+ active installations, fixed a severe vulnerability affecting version 3.1.23 and below that has been actively exploited in the wild for several days.

On September 24, 2021 we warned that WordPress blogs were getting compromised because of an unfixed unauthenticated stored cross-site scripting vulnerability (XSS) that was used to redirect all traffic to a malicious https://store.piterreceiver.ga website (more details here). The code was injected in the database:

A new version 3.1.24 of the plugin was released today and users should update immediately.

Stay informed about the latest vulnerabilities

  • Running WordPress? You can get email notifications about vulnerabilities in the plugins or themes installed on your blog.
  • On Twitter: @nintechnet

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE