CVE-2024-11069

WordPress GDPR <= 2.0.2 - Missing Authorization to Unauthenticated Arbitrary User Deletion

Description

The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users.

INFO

Published Date :

2024-11-19T07:35:26.443Z

Last Modified :

2026-04-08T17:12:13.495Z

Source :

Wordfence

AFFECTED PRODUCTS

The following products are affected by CVE-2024-11069 vulnerability.

Vendors	Products
Welaunch	Wordpress Gdpr Wordpress Gdpr\&ccpa

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-11069.

URL	Resource
https://www.welaunch.io/en/product/wordpress-gdpr/#changelog
https://www.wordfence.com/threat-intel/vulnerabilities/id/a089026a-5da9-467c-a1e4-622bb74363e2?source=cve

CVSS Vulnerability Scoring System

V3.1

Detailed values of each vector for above chart.

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality Impact

Integrity Impact

Availability Impact