Description
The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Thu, 09 Jul 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mlfactory
Mlfactory dsgvo All In One For Wp Wordpress Wordpress wordpress |
|
| Vendors & Products |
Mlfactory
Mlfactory dsgvo All In One For Wp Wordpress Wordpress wordpress |
Thu, 09 Jul 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values. | |
| Title | DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset | |
| Weaknesses | CWE-862 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-09T09:31:21.285Z
Reserved: 2026-03-16T19:14:02.711Z
Link: CVE-2026-4298
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T11:30:16Z
Weaknesses
-
CWE-862
Missing Authorization