Search
Find a vulnerability
Search criteria
2 vulnerabilities found for gpdr_ccpa_compliance_support by ninjateam
CVE-2020-36718 (GCVE-0-2020-36718)
Vulnerability from nvd – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:12
VLAI
EPSS
VEX
Title
GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
Summary
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ninjateam | GDPR CCPA Compliance & Cookie Consent Banner |
Affected:
0 , ≤ 2.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2408938"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T17:40:43.655866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:54:36.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GDPR CCPA Compliance \u0026 Cookie Consent Banner",
"vendor": "ninjateam",
"versions": [
{
"lessThanOrEqual": "2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:12:40.753Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2408938"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
},
{
"url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
},
{
"url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-11-03T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "GDPR CCPA Compliance Support \u003c= 2.3 - PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36718",
"datePublished": "2023-06-07T01:51:35.736Z",
"dateReserved": "2023-06-06T13:04:55.503Z",
"dateUpdated": "2026-04-08T17:12:40.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-36718 (GCVE-0-2020-36718)
Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:12
VLAI
EPSS
VEX
Title
GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
Summary
The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
6 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| ninjateam | GDPR CCPA Compliance & Cookie Consent Banner |
Affected:
0 , ≤ 2.3
(semver)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:37:07.510Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2408938"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"tags": [
"x_transferred"
],
"url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
},
{
"tags": [
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-36718",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-26T17:40:43.655866Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-28T00:54:36.570Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "GDPR CCPA Compliance \u0026 Cookie Consent Banner",
"vendor": "ninjateam",
"versions": [
{
"lessThanOrEqual": "2.3",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jerome Bruandet"
}
],
"descriptions": [
{
"lang": "en",
"value": "The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-08T17:12:40.753Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2408938"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
},
{
"url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
},
{
"url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
},
{
"url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
}
],
"timeline": [
{
"lang": "en",
"time": "2020-11-03T00:00:00.000Z",
"value": "Disclosed"
}
],
"title": "GDPR CCPA Compliance Support \u003c= 2.3 - PHP Object Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2020-36718",
"datePublished": "2023-06-07T01:51:35.736Z",
"dateReserved": "2023-06-06T13:04:55.503Z",
"dateUpdated": "2026-04-08T17:12:40.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}