Beta

Report

WP DSGVO Tools (GDPR) <= 2.2.18 is vulnerable to Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Published
2019-08-28

The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS.

CVE

https://www.cve.org/CVERecord?id=CVE-2019-15777

CVSS

Score:5.4

Severity:Medium

Version: 2.2.18

There is a patch available in v2.2.19 and we strongly recommend you update to this version as soon as possible.