Vulnerabilities > Welaunch > Wordpress Gdpr Ccpa

DATE CVE VULNERABILITY TITLE RISK
2022-02-01 CVE-2021-24814 Cross-site Scripting vulnerability in Welaunch Wordpress Gdpr&Ccpa
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type.
network
welaunch CWE-79
6.8
6.8
2022-02-01 CVE-2022-0220 Improper Encoding or Escaping of Output vulnerability in Welaunch Wordpress Gdpr&Ccpa
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type.
network
low complexity
welaunch CWE-116
6.1
6.1