CVE-2026-10034

MEDIUM EPSS 30.4%
Published Jun 19, 20261w ago · Modified Jun 22, 20261w ago
5.3 CVSS 3.1
Medium
Find Similar
Published Jun 19, 2026 1w ago
Last Modified Jun 22, 2026 1w ago

Description

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an arbitrary victim email address and trigger immediate SAR processing via the process_now and is_ajax parameters, receiving tokenized download links (zip_link, pdf_link) in the HTTP response that expose the victim's personal data — including WordPress account details, comment author names, email addresses, IP addresses, and comment content — without any proof of ownership. The nonce used for the CSRF check is publicly rendered by the SAR shortcode form and is shared across all anonymous visitors, meaning any unauthenticated attacker can trivially obtain a valid nonce and bypass this gate entirely.

CVSS Details

Base Score
5.3
Exploitability
3.9
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
30.4% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-862 Missing Authorization Authorization

References 12

  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/includes/class-sp-dsgvo-ajax-action.php#L70
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/download-subject-access-request.php#L9
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L24
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L40
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L47
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/includes/class-sp-dsgvo-ajax-action.php#L70
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/download-subject-access-request.php#L9
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L24
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L40
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L47
  • plugins.trac.wordpress.org https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3574362%40shapepress-dsgvo&new=3574362%40shapepress-dsgvo&sfp_email=&sfph_mail=
  • wordfence.com https://www.wordfence.com/threat-intel/vulnerabilities/id/e4deb62a-1a75-4951-a0a0-297dd17276d3?source=cve

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.