Attack Vectors
CVE-2026-4283 affects the WP DSGVO Tools (GDPR) WordPress plugin (slug: shapepress-dsgvo) in versions <= 3.1.38 and is rated Critical (CVSS 9.1; vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H).
The attack path is remote, unauthenticated, and needs no user interaction, matching the AV:N/PR:N/UI:N vector above. An attacker sends a request to the plugin's AJAX action (super-unsubscribe, exposed through WordPress's admin-ajax.php handler to visitors without a session) and includes a process_now parameter. That parameter causes the plugin to skip the intended email-confirmation step and run the irreversible account anonymization immediately.
In practice, anyone who can reach the site and knows (or guesses) a target's account email can force destruction/anonymization of any non-administrator account without the owner's consent. This is especially damaging for membership sites, eCommerce customer accounts, and any WordPress installation where user accounts are tied to revenue or regulated communications.
Security Weakness
The core issue is a missing authorization check on a sensitive account-destruction/anonymization function. The plugin's design relies on an email-confirmation step as the proof that the person requesting anonymization controls the account, but the handler also honors a process_now parameter from unauthenticated callers. Supplying that parameter bypasses the confirmation control entirely, so the only thing standing between an attacker and the destructive operation is knowledge of a target email address.
Because the operation is designed to be irreversible, this is not a nuisance bug: it lets unauthenticated parties make destructive changes to user records (randomizing passwords, overwriting username/email, stripping roles, anonymizing comments, and wiping sensitive usermeta) for any non-admin user.
Remediation: update WP DSGVO Tools (GDPR) to version 3.1.39 or newer (patched). Because anonymization cannot be undone by the plugin, site owners should also review web-server logs for admin-ajax.php requests carrying action=super-unsubscribe together with process_now, and restore any affected accounts from backups taken before the requests. Source: Wordfence vulnerability record. CVE record: CVE-2026-4283.
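To make the weakness concrete, the following is an added, illustrative PHP example of the vulnerable pattern next to a hardened version. It is not the plugin's actual code and does not reproduce its internals; the hook names, the dsgvo_example_* functions, the usermeta keys and the one-hour expiry are assumptions chosen for the illustration. The point it demonstrates is that an unauthenticated endpoint must never be allowed to perform the irreversible step itself, only to start a workflow that a separate, token-bound confirmation completes.

```php
<?php
// Illustrative example, not the plugin's code. Assumes it runs inside WordPress
// (wp_ajax_* hooks, get_user_by, wp_update_user, etc. are WordPress core APIs).

/** Destructive, irreversible step shared by both handlers (simplified). */
function dsgvo_example_anonymize_user( $user_id ) {
    $anon = 'deleted-' . wp_generate_password( 12, false );
    wp_update_user( array(
        'ID'           => $user_id,
        'user_email'   => $anon . '@invalid.example',
        'display_name' => $anon,
        'user_pass'    => wp_generate_password( 64, true, true ), // random, unknown to everyone
        'role'         => '',                                     // strip all roles
    ) );
}

/* ---------- VULNERABLE PATTERN (what the advisory describes) ---------- */
function dsgvo_example_vulnerable_unsubscribe() {
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $user  = get_user_by( 'email', $email );
    if ( ! $user ) {
        wp_send_json_error( 'not found' );
    }
    // BUG: a request parameter decides whether the confirmation step is skipped.
    // No nonce, no capability check, no proof the caller owns the mailbox:
    // anyone who knows the email can destroy the account in one request.
    if ( ! empty( $_POST['process_now'] ) ) {
        dsgvo_example_anonymize_user( $user->ID );
        wp_send_json_success( 'processed' );
    }
    // ... otherwise send a confirmation email (omitted)
    wp_send_json_success( 'confirmation sent' );
}
add_action( 'wp_ajax_nopriv_super-unsubscribe', 'dsgvo_example_vulnerable_unsubscribe' );

/* ---------- HARDENED PATTERN ---------- */
// Step 1: an unauthenticated caller may only START the workflow. process_now is ignored.
function dsgvo_example_request_anonymization() {
    $email = sanitize_email( wp_unslash( $_POST['email'] ?? '' ) );
    $user  = $email ? get_user_by( 'email', $email ) : false;
    // Never offer this path for privileged accounts, even with a valid token later.
    if ( $user && ! user_can( $user, 'manage_options' ) ) {
        $token = wp_generate_password( 32, false ); // random secret, delivered only to the mailbox
        update_user_meta( $user->ID, '_dsgvo_example_anon_token', wp_hash( $token ) ); // store keyed hash, not the token
        update_user_meta( $user->ID, '_dsgvo_example_anon_expires', time() + HOUR_IN_SECONDS );
        $link = add_query_arg( array(
            'action' => 'dsgvo_example_confirm',
            'uid'    => $user->ID,
            'token'  => $token,
        ), admin_url( 'admin-ajax.php' ) );
        wp_mail( $user->user_email, 'Confirm account anonymization', "Confirm here: $link" );
    }
    // Same response whether or not the address exists, so the endpoint cannot be used to enumerate accounts.
    wp_send_json_success( 'If that address belongs to an account, a confirmation email has been sent.' );
}
add_action( 'wp_ajax_nopriv_dsgvo_example_request', 'dsgvo_example_request_anonymization' );
add_action( 'wp_ajax_dsgvo_example_request', 'dsgvo_example_request_anonymization' );

// Step 2: only a valid, unexpired, single-use token from the mailbox completes the destructive step.
function dsgvo_example_confirm_anonymization() {
    $uid     = absint( $_GET['uid'] ?? 0 );
    $token   = sanitize_text_field( wp_unslash( $_GET['token'] ?? '' ) );
    $stored  = get_user_meta( $uid, '_dsgvo_example_anon_token', true );
    $expires = (int) get_user_meta( $uid, '_dsgvo_example_anon_expires', true );

    $valid = $stored && $token
        && time() <= $expires
        && hash_equals( $stored, wp_hash( $token ) ) // constant-time compare
        && ! user_can( $uid, 'manage_options' );

    if ( ! $valid ) {
        wp_send_json_error( 'Invalid or expired confirmation link.', 403 );
    }
    // Consume the token BEFORE acting so a replayed link cannot re-run the irreversible step.
    delete_user_meta( $uid, '_dsgvo_example_anon_token' );
    delete_user_meta( $uid, '_dsgvo_example_anon_expires' );

    dsgvo_example_anonymize_user( $uid );
    wp_send_json_success( 'Account anonymized.' );
}
add_action( 'wp_ajax_nopriv_dsgvo_example_confirm', 'dsgvo_example_confirm_anonymization' );
add_action( 'wp_ajax_dsgvo_example_confirm', 'dsgvo_example_confirm_anonymization' );
```

The hardened version keeps the feature usable by logged-out visitors (a GDPR request often comes from someone who no longer remembers a password) while moving the authorization decision to something the attacker does not have: a random token that only reaches the account's mailbox, stored as a keyed hash, bound to an expiry, consumed on first use, and never honored for administrator accounts. Note that the "invalid token" branch deliberately does not delete the stored token, so a guessed or malformed confirmation cannot be used to cancel a legitimate pending request.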
Technical or Business Impacts
Customer and lead loss: For sites that rely on WordPress accounts (subscriptions, memberships, gated content, portals, B2B partner access), attackers can effectively “delete” users from a business perspective, causing lost renewals, higher churn, and increased support costs.
Revenue and operational disruption: Account destruction can break customer journeys (saved carts, order history access, support tickets, preferences, loyalty status) and force manual remediation. Even if purchases remain in your commerce system, the customer’s ability to authenticate and self-serve may be impaired.
Marketing and communications risk: If user profiles are anonymized and emails overwritten, marketing lists, lifecycle campaigns, and consent-based communications may be disrupted. This can reduce campaign performance and create gaps in attribution and audience segmentation.
Compliance and reporting risk: Because the feature is privacy-related and the change is irreversible, unauthorized anonymization can complicate audit trails and internal investigations (who requested what, when, and why). It may also create disputes with customers who did not request deletion/anonymization.
Reputation risk: Public-facing account issues (customers “disappearing” or losing access) can rapidly erode trust—especially for brands that emphasize privacy, reliability, and secure handling of customer data.
Similar Attacks
Unauthenticated or weakly protected endpoints that allow destructive changes are a recurring pattern in web platforms and plugins. A few notable examples include:
WordPress REST API content injection (CVE-2017-1001000) – a widely exploited flaw in WordPress 4.7.0 and 4.7.1 that let unauthenticated attackers modify post content through the REST API.
WP GDPR Compliance plugin vulnerability coverage (WP Tavern) – an example of how security gaps in privacy/compliance plugins can create outsized risk due to the sensitivity of the functions they expose.