Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for gpdr_ccpa_compliance_support by ninjateam

    CVE-2020-36718 (GCVE-0-2020-36718)

    Vulnerability from nvd – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:12
    VLAI
    Title
    GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
    Summary
    The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Credits
    Jerome Bruandet
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:37:07.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2408938"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36718",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-26T17:40:43.655866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:54:36.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GDPR CCPA Compliance \u0026 Cookie Consent Banner",
              "vendor": "ninjateam",
              "versions": [
                {
                  "lessThanOrEqual": "2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jerome Bruandet"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:12:40.753Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2408938"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
            },
            {
              "url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
            },
            {
              "url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
            },
            {
              "url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2020-11-03T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "GDPR CCPA Compliance Support \u003c= 2.3 - PHP Object Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2020-36718",
        "datePublished": "2023-06-07T01:51:35.736Z",
        "dateReserved": "2023-06-06T13:04:55.503Z",
        "dateUpdated": "2026-04-08T17:12:40.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2020-36718 (GCVE-0-2020-36718)

    Vulnerability from cvelistv5 – Published: 2023-06-07 01:51 – Updated: 2026-04-08 17:12
    VLAI
    Title
    GDPR CCPA Compliance Support <= 2.3 - PHP Object Injection
    Summary
    The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-502 - Deserialization of Untrusted Data
    Assigner
    Impacted products
    Credits
    Jerome Bruandet
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:37:07.510Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2408938"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2020-36718",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-12-26T17:40:43.655866Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-12-28T00:54:36.570Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "GDPR CCPA Compliance \u0026 Cookie Consent Banner",
              "vendor": "ninjateam",
              "versions": [
                {
                  "lessThanOrEqual": "2.3",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Jerome Bruandet"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input \"njt_gdpr_allow_permissions\" value. This allows unauthenticated attackers to inject a PHP Object."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-502",
                  "description": "CWE-502 Deserialization of Untrusted Data",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:12:40.753Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2408938"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance"
            },
            {
              "url": "https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/"
            },
            {
              "url": "https://wordpress.org/plugins/ninja-gdpr-compliance/#developers"
            },
            {
              "url": "https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2020-11-03T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "GDPR CCPA Compliance Support \u003c= 2.3 - PHP Object Injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2020-36718",
        "datePublished": "2023-06-07T01:51:35.736Z",
        "dateReserved": "2023-06-06T13:04:55.503Z",
        "dateUpdated": "2026-04-08T17:12:40.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }