cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-1592,https://securityvulnerability.io/vulnerability/CVE-2024-1592,Unauthenticated Attackers Can Delete GDPR Data Requests via Cross-Site Request Forgery,"The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.",Wordpress,Complianz – Gdpr/ccpa Cookie Consent,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-02T06:46:19.551Z,0
CVE-2023-6498,https://securityvulnerability.io/vulnerability/CVE-2023-6498,Stored Cross-Site Scripting in Complianz Cookie Consent Plugin for WordPress,"The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress has a vulnerability that allows authenticated attackers with administrator-level permissions to exploit Stored Cross-Site Scripting through inadequately sanitized input and output. This affects all versions up to and including 6.5.5, particularly in multi-site installations or where unfiltered_html settings are disabled. By injecting arbitrary web scripts, attackers can affect users accessing manipulated pages, presenting significant risks to site security.",Wordpress,Complianz – GDPR/CCPA Cookie Consent,4.4,MEDIUM,0.0004799999878741801,false,,false,false,false,,false,false,2024-01-04T04:15:00.000Z,0
CVE-2023-1069,https://securityvulnerability.io/vulnerability/CVE-2023-1069,Complianz - GDPR/CCPA Cookie Consent < 6.4.2 - Contributor+ Stored XSS,"The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,"Complianz,Complianz Premium",5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-03-27T16:15:00.000Z,0
CVE-2022-3494,https://securityvulnerability.io/vulnerability/CVE-2022-3494,"Complianz (Free < 6.3.4, Premium < 6.3.6) - Translator SQLi","The Complianz WordPress plugin before 6.3.4, and Complianz Premium WordPress plugin before 6.3.6 allow a translators to inject arbitrary SQL through an unsanitized translation. SQL can be injected through an infected translation file, or by a user with a translator role through translation plugins such as Loco Translate or WPML.",Wordpress,"Complianz – Gdpr/ccpa Cookie Consent,Complianz Premium",8.8,HIGH,0.0011399999493733048,false,,false,false,false,,false,false,2022-11-07T00:00:00.000Z,0
CVE-2022-0193,https://securityvulnerability.io/vulnerability/CVE-2022-0193,Complianz - GDPR/CCPA Cookie Consent < 6.0.0 - Reflected Cross-Site Scripting,"The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting",Wordpress,Complianz – GDPR/CCPA Cookie Consent,6.1,MEDIUM,0.0007399999885819852,false,,false,false,false,,false,false,2022-02-14T09:21:01.000Z,0