Vulnerabilities > Welaunch

DATE CVE VULNERABILITY TITLE RISK
2024-11-19 CVE-2024-10388 Unspecified vulnerability in Welaunch Wordpress Gdpr
The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping.
network
low complexity
welaunch
6.1
6.1
2024-11-19 CVE-2024-11069 Missing Authorization vulnerability in Welaunch Wordpress Gdpr
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2.
network
low complexity
welaunch CWE-862
critical
 9.1
9.1
2022-04-25 CVE-2022-28290 Cross-site Scripting vulnerability in Welaunch Wordpress Country Selector 1.6.5
Reflective Cross-Site Scripting vulnerability in WordPress Country Selector Plugin Version 1.6.5.
network
low complexity
welaunch CWE-79
6.1
6.1
2022-02-01 CVE-2021-24814 Cross-site Scripting vulnerability in Welaunch Wordpress Gdpr&Ccpa
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type.
network
low complexity
welaunch CWE-79
critical
 9.6
9.6
2022-02-01 CVE-2022-0220 Improper Encoding or Escaping of Output vulnerability in Welaunch Wordpress Gdpr&Ccpa
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type.
network
low complexity
welaunch CWE-116
6.1
6.1