VYPR
Critical severity9.8NVD Advisory· Published Jun 7, 2023· Updated Apr 8, 2026

CVE-2020-36718

CVE-2020-36718

Description

The GDPR CCPA Compliance Support plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.3 via deserialization of untrusted input "njt_gdpr_allow_permissions" value. This allows unauthenticated attackers to inject a PHP Object.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:ninjateam:gpdr_ccpa_compliance_support:*:*:*:*:*:wordpress:*:*+ 1 more
    • cpe:2.3:a:ninjateam:gpdr_ccpa_compliance_support:*:*:*:*:*:wordpress:*:*range: <=2.3
    • (no CPE)range: <=2.3

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.