CVE-2018-19207

Tags: Critical · Exploited in the wild · Nuclei · Lab

Van Ons WP GDPR Compliance <1.4.3 - RCE


Exploitation Summary

CVE-2018-19207 has been observed exploited in the wild (reported by VulnCheck KEV and InTheWild.io). EIP tracks 3 public exploits, by aeroot, cved-sources, and Mikey Veenstra (WordFence) with Thomas Labadie; these include the Metasploit module auxiliary/admin/http/wp_gdpr_compliance_privesc. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Python script exploits CVE-2018-19207 in the WP GDPR Compliance plugin (versions <=1.4.2) by enabling user registration, setting the default role to administrator, and creating an admin user via unauthenticated AJAX requests.
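The chain summarised above leaves a recognisable footprint: the users_can_register and default_role options are rewritten, a new administrator account appears, and the access log shows POSTs to admin-ajax.php followed by a registration. The following Python is an added example of the post-compromise check an incident responder would run for that footprint; it is not code from the page, from the PoC repositories or from the Metasploit module. The combined access-log format, the shape of the wp_options snapshot and user rows, the ten-minute correlation window, and all sample data are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

# Core WordPress options that the public PoCs rewrite through the plugin's
# unauthenticated admin-ajax.php handler. Open registration combined with
# "administrator" as the default role is never a legitimate configuration.
OPTION_INDICATORS = {"users_can_register": "1", "default_role": "administrator"}

# Apache/nginx "combined" log line (assumed format):
#   ip ident user [timestamp] "METHOD PATH PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample data for this example, not real telemetry.
SAMPLE_OPTIONS = {"siteurl": "https://blog.example", **OPTION_INDICATORS}
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Nov/2018:03:12:01 +0000] "GET / HTTP/1.1" 200 5123',
    '203.0.113.7 - - [10/Nov/2018:03:12:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12',
    '203.0.113.7 - - [10/Nov/2018:03:12:03 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12',
    '203.0.113.7 - - [10/Nov/2018:03:12:05 +0000] "POST /wp-login.php?action=register HTTP/1.1" 302 0',
    '198.51.100.9 - - [10/Nov/2018:03:20:00 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 40',
]
SAMPLE_USERS = [
    {"login": "editor-in-chief", "role": "administrator",
     "registered": datetime(2017, 1, 1, tzinfo=timezone.utc)},
    {"login": "gdpr-helper", "role": "administrator",
     "registered": datetime(2018, 11, 10, 3, 12, 6, tzinfo=timezone.utc)},
]


def parse_log(lines):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d["ts"] = datetime.strptime(d["ts"], TS_FMT)
            entries.append(d)
    return entries


def option_findings(options):
    """Indicator options whose current value equals the post-exploit value."""
    return {k: options.get(k) for k, bad in OPTION_INDICATORS.items() if options.get(k) == bad}


def suspicious_sources(entries, window=timedelta(minutes=10)):
    """Source IPs that POST to admin-ajax.php and then hit the registration
    endpoint within `window`: the request sequence the PoCs on this page make."""
    by_ip = {}
    for e in entries:
        by_ip.setdefault(e["ip"], []).append(e)
    hits = {}
    for ip, evs in by_ip.items():
        ajax = [e["ts"] for e in evs
                if e["method"] == "POST" and e["path"].startswith("/wp-admin/admin-ajax.php")]
        reg = [e["ts"] for e in evs
               if e["method"] == "POST" and e["path"].startswith("/wp-login.php?action=register")]
        if any(timedelta(0) <= r - a <= window for a in ajax for r in reg):
            hits[ip] = {"ajax_posts": len(ajax), "first_ajax": min(ajax), "register": min(reg)}
    return hits


def new_admins_after(users, since):
    """Administrator accounts created at or after `since` (tz-aware datetime)."""
    return [u["login"] for u in users
            if u["role"] == "administrator" and u["registered"] >= since]


def assess(options, log_lines, users):
    """Combine the three signals into one finding with a coarse verdict."""
    opts = option_findings(options)
    sources = suspicious_sources(parse_log(log_lines))
    since = min((h["first_ajax"] for h in sources.values()), default=None)
    admins = new_admins_after(users, since) if since else []
    if opts and (sources or admins):
        verdict = "likely exploited"
    elif opts or sources:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"options": opts, "sources": sources, "new_admins": admins, "verdict": verdict}


if __name__ == "__main__":
    print(assess(SAMPLE_OPTIONS, SAMPLE_LOG, SAMPLE_USERS))
```

The option check is the strongest single signal and needs no logs at all: pull the two values from wp_options (for example with WP-CLI's `wp option get`) and compare them against OPTION_INDICATORS. The log correlation only adds the source address and a time bound for the account review, and it will miss attackers who set the options and never register, which is why the verdict still reports "suspicious" on the option drift alone.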

Description

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows remote attackers to execute arbitrary code because $wpdb->prepare() input is mishandled, as exploited in the wild in November 2018. In practical terms the flaw is a missing capability check in the plugin's admin-ajax.php handler: an unauthenticated request can update any WordPress option or call any action, and the public exploits use it to open user registration with default_role set to administrator and then register an administrator account; code execution follows from that administrator access.

Exploits (3)

Source: nomisec · Working PoC · 4 stars
by aeroot · remote
https://github.com/aeroot/WP-GDPR-Compliance-Plugin-Exploit

This Python script exploits CVE-2018-19207 in the WP GDPR Compliance plugin (versions <=1.4.2) by enabling user registration, setting the default role to administrator, and creating an admin user via unauthenticated AJAX requests.

Classification: Working PoC (100%)
Attack type: Auth bypass
Complexity: Trivial
Reliability: Reliable
Target: WP GDPR Compliance plugin <= 1.4.2
Authentication: none needed
Prerequisites: Target must have WP GDPR Compliance plugin <= 1.4.2 installed · Valid email address for account creation
Analysis: devstral-2, Feb 16, 2026
Source: nomisec · Working PoC
by cved-sources · poc
https://github.com/cved-sources/cve-2018-19207

This repository provides a Docker-based environment for CVE-2018-19207, a vulnerability in the WP GDPR Compliance plugin. The script sets up a vulnerable WordPress instance with the plugin activated, allowing for testing of the exploit.

Classification: Working PoC (90%)
Attack type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WP GDPR Compliance plugin for WordPress
Authentication: none needed
Prerequisites: Docker environment · WordPress installation
Analysis: devstral-2, Feb 16, 2026
Source: metasploit · Working PoC
by Mikey Veenstra (WordFence), Thomas Labadie · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/http/wp_gdpr_compliance_privesc.rb

This Metasploit module exploits a privilege escalation vulnerability in the WordPress WP GDPR Compliance plugin (CVE-2018-19207) by allowing unauthenticated users to modify WordPress settings via admin-ajax.php due to missing capability checks. It enables user registration, sets the default role to administrator, and registers a new admin user.

Classification: Working PoC (100%)
Attack type: Auth bypass
Complexity: Trivial
Reliability: Reliable
Target: WordPress WP GDPR Compliance plugin <= v1.4.2
Authentication: none needed
Prerequisites: Target must have the vulnerable plugin installed and activated
Analysis: devstral-2, Feb 16, 2026

Nuclei Templates (1)

WP GDPR Compliance < 1.4.3 - Unauthenticated Call Any Action or Update Any Option
Severity: Critical · Verified · by iamnoooob, pdresearch

References (4)

http://www.securityfocus.com/bid/105921 (Third Party Advisory, VDB Entry)
https://wordpress.org/plugins/wp-gdpr-compliance/#developers (Product, Vendor Advisory)
https://wpvulndb.com/vulnerabilities/9144 (Exploit, Third Party Advisory)

Scores

CVSS v3: 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack vector: Network
EPSS: 0.9184 (99.7th percentile)

Details

VulnCheck KEV: 2018-11-09
InTheWild.io: 2019-10-03
CWE: CWE-425
Status: published
Products (1): van-ons/wp-gdpr-compliance < 1.4.3
Published: Nov 12, 2018
Tracked since: Feb 18, 2026