Vulnerabilities > CVE-2024-11069 - Missing Authorization vulnerability in Welaunch Wordpress Gdpr

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

welaunch

CWE-862

critical

NVD

Published: 2024-11-19

Updated: 2025-01-23

Summary

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users.

Vulnerable Configurations

Part	Description	Count
Application	Welaunch Welaunch Wordpress Gdpr *	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://www.welaunch.io/en/product/wordpress-gdpr/#changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/a089026a-5da9-467c-a1e4-622bb74363e2?source=cve