Vulnerabilities > Welaunch > Wordpress Gdpr
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-19 | CVE-2024-10388 | Unspecified vulnerability in Welaunch Wordpress Gdpr The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-11-19 | CVE-2024-11069 | Missing Authorization vulnerability in Welaunch Wordpress Gdpr The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. | 9.1 |