CVE-2024-11069
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Nov 19, 2024
CWE ID 862
Summary
CVE-2024-11069 is a vulnerability affecting the WordPress GDPR plugin. The issue lies in the 'WordPress_GDPR_Data_Delete::check_action' function, which lacks adequate capability checks. As a result, unauthenticated attackers can exploit this vulnerability to delete arbitrary user data, posing a significant risk to website security and privacy. This issue has been identified in all plugin versions up to and including 2.0.2. It is crucial for WordPress users to update the plugin to the latest version to mitigate this vulnerability.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share