logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

GDPR CCPA Compliance Support < 2.4 - Unauthenticated PHP Object Injection

Description

The GDPR CCPA Compliance Support WordPress plugin was vulnerable to an Unauthenticated PHP Object Injection security vulnerability.

Proof of Concept

The vulnerability could triggered within the "njt_gdpr_allow_permissions" Base64 encoded cookie value.

Affects Plugins

ninja-gdpr-compliance

Fixed in version 2.4

References

URL

https://plugins.trac.wordpress.org/changeset/2408938

URL

https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance

URL

https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/

Classification

Type

OBJECT INJECTION

OWASP top 10

A8: Insecure Deserialization

CWE

CWE-502

Miscellaneous

Original Researcher

NinTechNet

Verified

No

WPVDB ID

92f1d6fb-c665-419e-a13b-688b1df6c395

Timeline

Publicly Published

2020-11-03 (about 8 months ago)

Added

2020-11-05 (about 8 months ago)

Last Updated

2020-11-06 (about 8 months ago)

Our Other Services

WPScan WordPress Security Plugin