Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total4
Critical0
High0
Medium4
Reset
Showing 1-4 of 4 records
Threat Entry Updated 2025-08-01

CVE-2024-1592 - Complianz Plugin

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Complianz

CVE-2024-1592

MEDIUM CVSS 4.3 2024-03-02
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2023-6498 - Complianz Plugin

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 6.5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN Complianz

CVE-2023-6498

MEDIUM CVSS 4.4 2024-01-04
Open Full Technical Breakdown
Threat Entry Updated 2025-02-18

CVE-2023-1069 - Complianz Plugin

The Complianz WordPress plugin before 6.4.2, Complianz Premium WordPress plugin before 6.4.2 do not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

PLUGIN Complianz

CVE-2023-1069

MEDIUM CVSS 5.4 2023-03-27
Open Full Technical Breakdown
Threat Entry Updated 2024-11-21

CVE-2022-0193 - Complianz Plugin

The Complianz WordPress plugin before 6.0.0 does not escape the s parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting

PLUGIN Complianz

CVE-2022-0193

MEDIUM CVSS 6.1 2022-02-14
Open Full Technical Breakdown
Scroll to top