SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  WordPress plugin GDPR Compliance Remote Code Execution

Category: WEB-ATTACKS      

The WordPress GDPR Compliance plugin <= v1.4.2 allows unauthenticated users to set wordpress administration options by overwriting values within the database. The vulnerability is present in WordPress’s admin-ajax.php, which allows unauthorized users to trigger handlers and make configuration changes because of a failure to do capability checks when executing the 'save_setting' internal action.


Relevant Information