Arbitrary Code Execution Vulnerability in Van Ons WP GDPR Compliance Plugin (CVE-2018-19207)

CVE-2018-19207 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018.

Learn more about our Wordpress Pen Testing.