ThreatPress

WordPress Vulnerability Database

Back

WordPress GDPR CCPA Compliance Support plugin <= 2.3 - Insecure Deserialization / Unauthenticated PHP Object Injection vulnerability

Product
GDPR CCPA Compliance Support
Description
Insecure Deserialization / Unauthenticated PHP Object Injection vulnerability found by NinTechNet in WordPress GDPR CCPA Compliance Support plugin (versions <= 2.3).
Solution
Update the WordPress GDPR CCPA Compliance Support plugin to the latest available version (at least 2.4).
Classification
Type PHP Object Injection
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 2.3
Fixed In 2.4
Disclosure date
2020-11-03
Credits
NinTechNet