module
WordPress WP GDPR Compliance Plugin Privilege Escalation
| Disclosed |
|---|
| Nov 8, 2018 |
Disclosed
Nov 8, 2018
Description
The Wordpress GDPR Compliance plugin wordpress administration options by overwriting values within the database.
The vulnerability is present in WordPress's admin-ajax.php, which allows unauthorized
users to trigger handlers and make configuration changes because of a failure to do
capability checks when executing the 'save_setting' internal action.
WARNING: The module sets Wordpress configuration options without reading their current
values and restoring them later.
The vulnerability is present in WordPress's admin-ajax.php, which allows unauthorized
users to trigger handlers and make configuration changes because of a failure to do
capability checks when executing the 'save_setting' internal action.
WARNING: The module sets Wordpress configuration options without reading their current
values and restoring them later.
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.