2024-11-19 07:35:26
Wordfence
PUBLISHED
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the WordPress_GDPR_Data_Delete::check_action function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users.