CVE-2020-36718
GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
CVSS Score
9.8
EPSS Score
0.0%
EPSS Percentile
0th
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.
| CWE | CWE-502 |
| Vendor | ninjateam |
| Product | gdpr ccpa compliance & cookie consent banner |
| Published | Jun 7, 2023 |
| Last Updated | Apr 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for ninjateam gdpr ccpa compliance & cookie consent banner
Be the first to know when new critical vulnerabilities affecting ninjateam gdpr ccpa compliance & cookie consent banner are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Affected Versions
ninjateam / GDPR CCPA Compliance & Cookie Consent Banner
0 โค 2.3
References
wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2408938 plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance blog.nintechnet.com: https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/ wordpress.org: https://wordpress.org/plugins/ninja-gdpr-compliance/#developers wpscan.com: https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395
Credits
Jerome Bruandet