<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>WP DSGVO Tools (GDPR) Plugin - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/wp-dsgvo-tools-gdpr-plugin/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 02 Jan 2024 12:00:00 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/wp-dsgvo-tools-gdpr-plugin/feed.xml" rel="self" type="application/rss+xml"/><item><title>WP DSGVO Tools (GDPR) Plugin Vulnerable to Account Destruction (CVE-2026-4283)</title><link>https://feed.craftedsignal.io/briefs/2024-01-wp-gdpr-account-destruction/</link><pubDate>Tue, 02 Jan 2024 12:00:00 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2024-01-wp-gdpr-account-destruction/</guid><description>The WP DSGVO Tools (GDPR) WordPress plugin before version 3.1.39 is vulnerable to unauthenticated account destruction via the `super-unsubscribe` AJAX action, allowing attackers to irreversibly anonymize non-administrator user accounts.</description><content:encoded><![CDATA[<p>The WP DSGVO Tools (GDPR) plugin for WordPress, in versions up to and including 3.1.38, contains a critical vulnerability (CVE-2026-4283) that allows unauthenticated attackers to destroy user accounts. The vulnerability resides in the <code>super-unsubscribe</code> AJAX action, which is intended to handle account anonymization requests. However, by providing the <code>process_now=1</code> parameter along with a target user's email address, an attacker can bypass the email confirmation flow and immediately trigger the irreversible account anonymization process. The nonce value required for this AJAX request is exposed on any page containing the <code>[unsubscribe_form]</code> shortcode, making exploitation straightforward. This issue poses a significant risk to WordPress sites utilizing the affected plugin, potentially leading to widespread data loss and disruption of services.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An unauthenticated attacker identifies a WordPress site using a vulnerable version of the WP DSGVO Tools (GDPR) plugin (&lt;= 3.1.38).</li>
<li>The attacker navigates to a page on the target site that includes the <code>[unsubscribe_form]</code> shortcode to obtain the required nonce.</li>
<li>The attacker crafts a malicious AJAX request targeting the <code>super-unsubscribe</code> action endpoint (e.g., <code>/wp-admin/admin-ajax.php</code>).</li>
<li>The request includes the <code>action</code> parameter set to <code>super-unsubscribe</code>, the <code>process_now</code> parameter set to <code>1</code>, the victim's email address, and the extracted nonce value.</li>
<li>The WordPress server processes the request without requiring email confirmation due to the <code>process_now=1</code> parameter.</li>
<li>The targeted user account undergoes irreversible anonymization: password randomized, username/email overwritten, roles stripped, comments anonymized, sensitive usermeta wiped.</li>
<li>The victim loses access to their account, and their data is effectively destroyed.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>Successful exploitation of CVE-2026-4283 allows an unauthenticated attacker to permanently destroy non-administrator user accounts on affected WordPress sites. This leads to a loss of user data, disruption of services for affected users, and potential reputational damage for the website owner. The vulnerability affects all sites running the WP DSGVO Tools (GDPR) plugin versions 3.1.38 and earlier. A successful attack renders the targeted user account unusable, requiring manual intervention to recover (if possible).</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Immediately update the WP DSGVO Tools (GDPR) plugin to version 3.1.39 or later to patch CVE-2026-4283.</li>
<li>Deploy the Sigma rule &quot;Detect Unauthenticated Account Destruction Attempt via WP GDPR Plugin&quot; to identify potential exploitation attempts in web server logs.</li>
<li>Monitor web server logs for POST requests to <code>/wp-admin/admin-ajax.php</code> with <code>action=super-unsubscribe</code> and <code>process_now=1</code>, as detected by the provided Sigma rule.</li>
</ul>
]]></content:encoded><category domain="severity">critical</category><category domain="type">advisory</category><category>wordpress</category><category>gdpr</category><category>account-destruction</category><category>cve-2026-4283</category></item></channel></rss>