The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 11:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Mlfactory
Mlfactory dsgvo All In One For Wp Wordpress Wordpress wordpress |
|
| Vendors & Products |
Mlfactory
Mlfactory dsgvo All In One For Wp Wordpress Wordpress wordpress |
Thu, 09 Jul 2026 10:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | The DSGVO All in one for WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 4.9. This is due to the dsgvo_reset_policy_service_func() function lacking both capability checks and nonce verification while processing user-supplied parameters to reset plugin options. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset all customized privacy policy content including cookie notices, Google Analytics policies, Facebook policies, and YouTube policies to their default values. | |
| Title | DSGVO All in one for WP <= 4.9 - Missing Authorization to Authenticated (Subscriber+) Settings Reset | |
| Weaknesses | CWE-862 | |
| References |
|
|
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2026-07-09T14:39:42.090Z
Reserved: 2026-03-16T19:14:02.711Z
Link: CVE-2026-4298
Updated: 2026-07-09T14:39:38.100Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-09T11:30:16Z