CVE-2026-11869
EUVD-2026-4250909.07.2026, 07:16
The WP DSGVO Tools (GDPR) WordPress plugin before 3.1.40 does not perform an authorization check on the immediate-processing path of its data subject access request feature, allowing unauthenticated attackers to generate and download the full personal-data export (including name, postal address, phone number, email, and comment content) of any user, customer, or commenter by supplying their email address.Enginsight
Awaiting analysis
This vulnerability is currently awaiting analysis.