


Perceptive Security
SOC/SIEM Consultancy

The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to unauthorized account destruction in all versions up to, and including, 3.1.38. This is due to th…
Published: 23 March 2026 at 23:00:00
Alert date: 24 March 2026 at 16:16:53
Source: nvd.nist.gov
Web Technologies
The WP DSGVO Tools (GDPR) plugin for WordPress contains a critical vulnerability allowing unauthorized account destruction. Unauthenticated attackers can permanently destroy non-administrator user accounts by exploiting the super-unsubscribe AJAX action with a process_now parameter. The vulnerability affects all versions up to and including 3.1.38. Attackers can submit a victim's email address with process_now=1 to trigger irreversible account anonymization, including password randomization, username/email overwriting, role stripping, comment anonymization, and sensitive metadata wiping. The required nonce is publicly available on pages containing the unsubscribe_form shortcode, making exploitation straightforward for attackers.
Technical details
Affected products:
WP DSGVO Tools (GDPR) WordPress Plugin
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-4283
https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/includes/class-sp-dsgvo-ajax-action.php#L69
https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/includes/class-sp-dsgvo-data-collecter.php#L250
https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/includes/models/unsubscriber.php#L24
https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/tags/3.1.38/public/shortcodes/super-unsubscribe/unsubscribe-form-action.php#L39
https://plugins.trac.wordpress.org/browser/shapepress-dsgvo/trunk/public/shortcodes/super-unsubscribe/unsubscribe-form-action.php#L39
https://plugins.trac.wordpress.org/changeset?old_path=/shapepress-dsgvo/tags/3.1.38&new_path=/shapepress-dsgvo/tags/3.1.39
https://www.wordfence.com/threat-intel/vulnerabilities/id/21389122-cb39-45d1-a889-b830d3a55603?source=cve
This article was created with the assistance of AI technology by Perceptive.
