WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

GDPR CCPA Compliance Support < 2.4 - Unauthenticated PHP Object Injection

Description

The GDPR CCPA Compliance Support WordPress plugin was vulnerable to an Unauthenticated PHP Object Injection security vulnerability.

Proof of Concept

The vulnerability could triggered within the "njt_gdpr_allow_permissions" Base64 encoded cookie value.

Affects Plugins

ninja-gdpr-compliance
Fixed in version 2.4

References

URL
https://plugins.trac.wordpress.org/changeset/2408938
URL
https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance
URL
https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/

Classification

Type

OBJECT INJECTION

OWASP top 10
A8: Insecure Deserialization
CWE
CWE-502

Miscellaneous

Original Researcher

NinTechNet

Verified

No

WPVDB ID
92f1d6fb-c665-419e-a13b-688b1df6c395

Timeline

Publicly Published

2020-11-03 (about 2 years ago)

Added

2020-11-05 (about 2 years ago)

Last Updated

2020-11-06 (about 2 years ago)

Our Other Services

WPScan WordPress Security Plugin