{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-10034", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-05-28T19:01:31.734Z", "datePublished": "2026-06-19T04:31:34.854Z", "dateUpdated": "2026-06-22T19:16:29.029Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-06-19T04:31:34.854Z"}, "affected": [{"vendor": "legalweb", "product": "WP DSGVO Tools (GDPR)", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.1.39", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an arbitrary victim email address and trigger immediate SAR processing via the process_now and is_ajax parameters, receiving tokenized download links (zip_link, pdf_link) in the HTTP response that expose the victim's personal data \u2014 including WordPress account details, comment author names, email addresses, IP addresses, and comment content \u2014 without any proof of ownership. The nonce used for the CSRF check is publicly rendered by the SAR shortcode form and is shared across all anonymous visitors, meaning any unauthenticated attacker can trivially obtain a valid nonce and bypass this gate entirely."}], "title": "WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpoint (process_now/is_ajax Parameters)", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4deb62a-1a75-4951-a0a0-297dd17276d3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L40"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L47"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/includes/class-sp-dsgvo-ajax-action.php#L70"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/download-subject-access-request.php#L9"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L40"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L47"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/includes/class-sp-dsgvo-ajax-action.php#L70"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/download-subject-access-request.php#L9"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3574362%40shapepress-dsgvo&new=3574362%40shapepress-dsgvo&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "kalomba"}], "timeline": [{"time": "2026-05-28T19:16:40.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-06-18T16:02:40.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-22T19:16:22.276610Z", "id": "CVE-2026-10034", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-22T19:16:29.029Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "WP DSGVO Tools (GDPR) <= 3.1.39 - Missing Authorization to Unauthenticated Sensitive Personal Data Disclosure via subject-access-request AJAX Endpoint (process_now/is_ajax Parameters)", "credits": [{"lang": "en", "type": "finder", "value": "kalomba"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "legalweb", "product": "WP DSGVO Tools (GDPR)", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.1.39"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-05-28T19:16:40.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-06-18T16:02:40.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4deb62a-1a75-4951-a0a0-297dd17276d3?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L40"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L47"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/subject-access-request-action.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/includes/class-sp-dsgvo-ajax-action.php#L70"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.39/public/shortcodes/subject-access-request/download-subject-access-request.php#L9"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L40"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L47"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/subject-access-request-action.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/includes/class-sp-dsgvo-ajax-action.php#L70"}, {"url": "https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/subject-access-request/download-subject-access-request.php#L9"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3574362%40shapepress-dsgvo&new=3574362%40shapepress-dsgvo&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.39. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for unauthenticated attackers to supply an arbitrary victim email address and trigger immediate SAR processing via the process_now and is_ajax parameters, receiving tokenized download links (zip_link, pdf_link) in the HTTP response that expose the victim's personal data \u2014 including WordPress account details, comment author names, email addresses, IP addresses, and comment content \u2014 without any proof of ownership. The nonce used for the CSRF check is publicly rendered by the SAR shortcode form and is shared across all anonymous visitors, meaning any unauthenticated attacker can trivially obtain a valid nonce and bypass this gate entirely."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-06-19T04:31:34.854Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-10034", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-22T19:16:22.276610Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-06-22T19:16:25.367Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-10034", "state": "PUBLISHED", "dateUpdated": "2026-06-19T04:31:34.854Z", "dateReserved": "2026-05-28T19:01:31.734Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-06-19T04:31:34.854Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,3.1.39]"}}], "enrichment": {"confidence": 88.0, "confidence_source": "matching", "scores": [{"score": 88.0, "source": "matching"}]}, "original": {"product": "WP DSGVO Tools (GDPR)", "source": "cna", "vendor": "legalweb"}, "product": "wp_dsgvo_tools", "vendor": "legalweb"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "created": "2026-06-19T07:30:16.309826+00:00", "updated": "2026-06-24T20:30:04.377489+00:00", "vendors": ["legalweb", "legalweb$PRODUCT$wp_dsgvo_tools", "wordpress", "wordpress$PRODUCT$wordpress"]}