WordPress · WordPress GDPR Plugin · CVE-2022-0220
**Name of the Vulnerable Software and Affected Versions**
WordPress GDPR plugin versions prior to 1.9.27
**Description**
The issue concerns the `check privacy settings` AJAX action in the WordPress GDPR plugin, which is reachable by both unauthenticated and authenticated users. The action responds with JSON data without the proper `application/json` content type, and because HTML in the response is not escaped, a browser may render the response as a page, potentially leading to execution of attacker-supplied JavaScript in a victim's browser (a reflected cross-site scripting issue). Exploitation against unauthenticated users remains possible despite the CSRF check introduced in version 1.9.26, because that check relies on a nonce shared by all unauthenticated users.
**Recommendations**
For versions prior to 1.9.27, update to version 1.9.27 or later to resolve the issue. As a temporary workaround, consider restricting access to the `check privacy settings` AJAX action to minimize the risk of exploitation.
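As an added illustration (not the GDPR plugin's own code), the response pattern the description above warns about, beside a hardened handler that fixes both the content type and the escaping. The hook names, the `example_privacy_nonce` action and the `settings` parameter are assumptions chosen for the example.

```php
<?php
// Added example, not taken from the plugin. Hook names, nonce action and
// the 'settings' request parameter are hypothetical.

// VULNERABLE PATTERN: a JSON body assembled by hand and echoed without a
// Content-Type header, so PHP's default text/html applies. A request
// parameter reflected unescaped is rendered as markup by a browser that
// opens the URL directly.
function example_vuln_check_privacy_settings() {
    $status = isset( $_GET['settings'] ) ? (string) $_GET['settings'] : '';
    // Missing: header( 'Content-Type: application/json' ) and escaping.
    echo '{"status": "' . $status . '"}';
    wp_die();
}
add_action( 'wp_ajax_example_check_privacy', 'example_vuln_check_privacy_settings' );
add_action( 'wp_ajax_nopriv_example_check_privacy', 'example_vuln_check_privacy_settings' );

// HARDENED PATTERN: the same endpoint with the defects removed.
function example_hardened_check_privacy_settings() {
    // Nonce check: as the advisory notes, a nonce shared by every
    // unauthenticated visitor is no barrier on its own, so the output
    // handling below is the part that actually closes the hole.
    check_ajax_referer( 'example_privacy_nonce', 'nonce' );

    // Strip tags and control characters from the reflected value.
    $status = isset( $_GET['settings'] )
        ? sanitize_text_field( wp_unslash( $_GET['settings'] ) )
        : '';

    // wp_send_json() sends "Content-Type: application/json" and encodes
    // the array with wp_json_encode(), so the body is parsed as data,
    // never rendered as an HTML document. It also calls wp_die() for us.
    wp_send_json( array( 'status' => esc_html( $status ) ) );
}
add_action( 'wp_ajax_example_check_privacy_safe', 'example_hardened_check_privacy_settings' );
add_action( 'wp_ajax_nopriv_example_check_privacy_safe', 'example_hardened_check_privacy_settings' );
```

When reviewing other AJAX handlers, the two things to confirm are that every JSON response goes through `wp_send_json()` (or sets the `application/json` header explicitly) and that any reflected request value is sanitized and escaped before it is placed in the body.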