CVE-2026-11869
WP DSGVO Tools (GDPR) < 3.1.40 - Unauthenticated Sensitive Information Disclosure via Subject Access Request
CVSS Score
5.3
EPSS Score
0.1%
EPSS Percentile
3th
The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export (including name, postal address, phone number, email, and comment content) of any user, customer, or commenter by supplying their email address.
| Vendor | unknown |
| Product | wp dsgvo tools (gdpr) |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for unknown wp dsgvo tools (gdpr)
Be the first to know when new medium vulnerabilities affecting unknown wp dsgvo tools (gdpr) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Unknown / WP DSGVO Tools (GDPR)
0 < 3.1.40
References
Credits
Shivamani Vastrala WPScan