More threads by djbaxter

djbaxter

Administrator
Joined
Jun 28, 2012
Messages
3,778
Solutions
2
Reaction score
1,877
A serious security flaw was discovered a couple of days ago in the WordPress plugin WP GDPR. WordPress grave-yarded the plugin as soon as this was made known to them and the plugin was updated the same day with a fix.

However, if you are not using auto-updates on your plugins (note: you absolutely should be!), you may still be using the older version putting you at risk. You need to ensure that you are running version 1.4.3. If you are still running any earlier version, update now!

WP GDPR Plugin Hacked - Update Immediately
By Roger Montti, Search Engine Journal
November 12, 2018

The popular WP GDPR Compliance plugin Plugin has a serious vulnerability. Any version less than 1.4.3 is vulnerable. Hackers are actively targeting this plugin. Sites are being hacked as of this writing. It is highly recommended to update now.

How Bad is the GDPR Plugin Hack?
This vulnerability is as bad as they get. Sites are actively being targeted.

For example, a Facebook user shared the following screenshot of their hacked site. The screenshot shows that hackers were able to create two Administrator level users on his website.
wordpress-plugin-hackers.png

Screenshot of a WordPress control panel showing hackers with admin privileges.

An administrative level user is able to do anything they want on a WordPress website. The Facebook user confirmed that this site used the WP GDPR Compliance plugin.

This victim related that the hacking appeared to be automated. The hackers had not yet installed backdoors and rogue pages yet. He removed the rogue administrator accounts. Then he removed his old WordPress installation and installed a fresh version and updated the plugin. The site was soon back online free of the hacking effects.

It appears that the hackers may be employing bots whose role is limited to hacking WordPress sites through the WP GDPR vulnerability then registering admin accounts. It is later on that they set about creating rogue web pages. Nevertheless, it’s important to update this plugin as soon as possible.

Read more...
 
The one mnentioned above is pretty good, now that the security issue is fixed. And give them credit - they fixed it in less than a day.
 

Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

LocalU Event

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Top Bottom