Vulnerabilities and security researches forninja-gdpr-compliance ninja-gdpr-compliance

Jun 05, 2025

CVE, Research URL: CVE-2025-48260
Home page URL: Security reports for GDPR CCPA Compliance Support
Application: GDPR CCPA Compliance Support
Date: May 19, 2025
Research Description: Missing Authorization vulnerability in Ninja Team GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.3.
Affected versions: Min -, max -.
Status: vulnerable

Jan 26, 2025

CVE, Research URL: CVE-2025-24591
Home page URL: Security reports for GDPR CCPA Compliance Support
Application: GDPR CCPA Compliance Support
Date: Jan 24, 2025
Research Description: Missing Authorization vulnerability in NinjaTeam GDPR CCPA Compliance Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GDPR CCPA Compliance Support: from n/a through 2.7.1.
Affected versions: Min -, max -.
Status: vulnerable

Jun 08, 2024

CVE, Research URL: CVE-2024-5607
Home page URL: Security reports for GDPR CCPA Compliance Support
Application: GDPR CCPA Compliance Support
Date: Jun 07, 2024
Research Description: The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2020-36718
Home page URL: Security reports for GDPR CCPA Compliance Support
Application: GDPR CCPA Compliance Support
Date: Jun 07, 2023
Research Description: The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: fa6f3c0ea1c420112c1e8b4e1aad37c2acf3a52f
Home page URL: Security reports for GDPR CCPA Compliance Support
Application: GDPR CCPA Compliance Support
Date: Nov 03, 2020
Research Description: GDPR CCPA Compliance & Cookie Consent Banner [ninja-gdpr-compliance] < 2.4 WordPress GDPR CCPA Compliance Support plugin <= 2.3 - Insecure Deserialization / Unauthenticated PHP Object Injection vulnerability Insecure Deserialization / Unauthenticated PHP Object Injection vulnerability found by NinTechNet in WordPress GDPR CCPA Compliance Support plugin (versions <= 2.3).
Affected versions: Min -, max -.
Status: vulnerable