CVE-2024-1592

The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.


We have discovered 67,856 live websites that are affected by CVE-2024-1592.





Affected Software

Product                      Complianz
Category                     Cookie compliance
Vulnerable Domains           67,856 live websites (19.56% of Complianz install base)
Vulnerable Versions
  • from 0 through 6.5.6
Vulnerable Versions Count    158 versions (86.34% of all versions)



Details

  • Published - Mar 2, 2024
  • Updated - Aug 1, 2024

Credits

  • Krzysztof Zając (finder)

CVE-2024-1592 usage by Country

United States     6,990 websites
Germany           22,966 websites
France            8,261 websites
Spain             5,782 websites
Italy             3,870 websites
Czech Republic    2,561 websites
GB                2,083 websites
Netherlands       1,894 websites
Switzerland       1,425 websites
Slovakia          1,390 websites

CVE-2024-1592 usage by TLD

.com      18,771 websites
.de       16,247 websites
.fr       3,738 websites
.it       3,331 websites
.es       3,035 websites
.cz       2,482 websites
.nl       1,840 websites
.at       1,802 websites
.org      1,381 websites
.co.uk    1,127 websites

FAQ

A total of 67,856 websites have been identified as vulnerable to CVE-2024-1592, discovered through global website indexing conducted by WebTechSurvey.
Complianz is susceptible to the CVE-2024-1592 vulnerability.
Complianz versions before, and including, 6.5.6 are vulnerable to CVE-2024-1592.