← Back

Iubenda

iubenda

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
1Iubenda
1Iubenda Cookie Law Solution
Jun 17, 2026
Jan 2, 2023
N/A· v4
8.8 HIGH· v3
N/A· v2
The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any...Show more
The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as edit_plugins etcShow less
1Iubenda
1Iubenda Cookie Law Solution
Jun 17, 2026
May 13, 2020
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols.