Back to KEVs

CVE-2018-19207

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because...

Basic Information

CVE State: PUBLISHED
Reserved Date: November 12, 2018
Published Date: November 12, 2018
Last Updated: August 05, 2024
Vendor: Van Ons
Product: WP GDPR Compliance
Description: The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.
Tags

CVSS Scores

CVSS v3.0

9.8 - CRITICAL

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild: Yes (2018-11-12 17:00:00 UTC) Source

References

http://www.securityfocus.com/bid/105921 https://wordpress.org/plugins/wp-gdpr-compliance/#developers https://wpvulndb.com/vulnerabilities/9144 https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2018-11-12 17:00:00 UTC

Timeline

CVE ID Reserved

November 12, 2018
CVE Published to Public

November 12, 2018
Added to KEVIntel

November 12, 2018