๐Ÿ” CVE Alert

CVE-2026-11869

MEDIUM 5.3

WP DSGVO Tools (GDPR) < 3.1.40 - Unauthenticated Sensitive Information Disclosure via Subject Access Request

CVSS Score
5.3
EPSS Score
0.1%
EPSS Percentile
3th

The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export (including name, postal address, phone number, email, and comment content) of any user, customer, or commenter by supplying their email address.

Vendor unknown
Product wp dsgvo tools (gdpr)
Published Jul 9, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for unknown wp dsgvo tools (gdpr)

Be the first to know when new medium vulnerabilities affecting unknown wp dsgvo tools (gdpr) are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / WP DSGVO Tools (GDPR)
0 < 3.1.40

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/49170650-0006-4f3b-90f4-f8bb176beb7b/

Credits

Shivamani Vastrala WPScan