WordPress · Wp Dsgvo Tools · CVE-2026-11869
**Name of the Vulnerable Software and Affected Versions**
WP DSGVO Tools (GDPR) versions prior to 3.1.40
**Description**
The data subject access request feature fails to perform an authorization check on its immediate-processing path. This allows unauthenticated attackers to generate and download a full personal-data export of any user, customer, or commenter by providing their email address. The exported data includes names, postal addresses, phone numbers, emails, and comment content.
**Recommendations**
Update the plugin to version 3.1.40 or later.