CVE-2020-36697
WP GDPR <= 2.1.1 - Missing Authorization Checks
CVSS Score
7.3
EPSS Score
0.0%
EPSS Percentile
0th
The WP GDPR plugin for WordPress is vulnerable to authorization bypass due to a missing capability check in versions up to, and including, 2.1.1. This makes it possible for unauthenticated attackers to delete any comment and modify the pluginβs settings.
| CWE | CWE-862 |
| Vendor | koenhuybrechts |
| Product | wp gdpr |
| Published | Jun 7, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for koenhuybrechts wp gdpr
Be the first to know when new high vulnerabilities affecting koenhuybrechts wp gdpr are published β delivered to Slack, Telegram or Discord.
Get Free Alerts β
Free Β· No credit card Β· 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
koenhuybrechts / WP GDPR
0 β€ 2.1.1
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/032e775a-97be-4d93-bac3-094e35be4b11?source=cve blog.nintechnet.com: https://blog.nintechnet.com/unauthenticated-stored-xss-and-content-spoofing-vulnerabilities-in-wordpress-wp-gdpr-plugin-unpatched/ acunetix.com: https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-wp-gdpr-multiple-vulnerabilities-2-1-1/
Credits
Jerome Bruandet