CVE-2024-11069

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 19, 2024
CWE ID 862

Summary

CVE-2024-11069 is a vulnerability affecting the WordPress GDPR plugin. The issue lies in the 'WordPress_GDPR_Data_Delete::check_action' function, which lacks adequate capability checks. As a result, unauthenticated attackers can exploit this vulnerability to delete arbitrary user data, posing a significant risk to website security and privacy. This issue has been identified in all plugin versions up to and including 2.0.2. It is crucial for WordPress users to update the plugin to the latest version to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share