CVE-2019-15777

Name of the Vulnerable Software and Affected Versions shapepress-dsgvo plugin versions prior to 2.2.19

Description The issue concerns a Cross-Site Scripting (XSS) vulnerability. It is related to the "action" parameter in the /wp-admin/admin-ajax.php API endpoint, specifically when the action is set to "admin-common-settings" and the admin email parameter is used.

Recommendations For shapepress-dsgvo plugin versions prior to 2.2.19, update to version 2.2.19 or later to resolve the issue. As a temporary workaround, consider restricting access to the /wp-admin/admin-ajax.php API endpoint with the "action" parameter set to "admin-common-settings" and the admin email parameter until the update is applied.