djbaxter

Administrator
Administrator
Moderator
Joined
Jun 28, 2012
Messages
3,515
Reaction score
1,661
A serious security flaw was discovered a couple of days ago in the WordPress plugin WP GDPR. WordPress grave-yarded the plugin as soon as this was made known to them and the plugin was updated the same day with a fix.

However, if you are not using auto-updates on your plugins (note: you absolutely should be!), you may still be using the older version putting you at risk. You need to ensure that you are running version 1.4.3. If you are still running any earlier version, update now!

WP GDPR Plugin Hacked - Update Immediately
By Roger Montti, Search Engine Journal
November 12, 2018

The popular WP GDPR Compliance plugin Plugin has a serious vulnerability. Any version less than 1.4.3 is vulnerable. Hackers are actively targeting this plugin. Sites are being hacked as of this writing. It is highly recommended to update now.

How Bad is the GDPR Plugin Hack?
This vulnerability is as bad as they get. Sites are actively being targeted.

For example, a Facebook user shared the following screenshot of their hacked site. The screenshot shows that hackers were able to create two Administrator level users on his website.
wordpress-plugin-hackers.png

Screenshot of a WordPress control panel showing hackers with admin privileges.

An administrative level user is able to do anything they want on a WordPress website. The Facebook user confirmed that this site used the WP GDPR Compliance plugin.

This victim related that the hacking appeared to be automated. The hackers had not yet installed backdoors and rogue pages yet. He removed the rogue administrator accounts. Then he removed his old WordPress installation and installed a fresh version and updated the plugin. The site was soon back online free of the hacking effects.

It appears that the hackers may be employing bots whose role is limited to hacking WordPress sites through the WP GDPR vulnerability then registering admin accounts. It is later on that they set about creating rogue web pages. Nevertheless, it’s important to update this plugin as soon as possible.

Read more...
 
Similar threads
Thread starter Title Forum Replies Date
djbaxter Urgent! Serious Security Threat Found in WordPress Plugin Yuzo Related Posts Websites, Software, and Security 1
Matt Chauhan Serious Problem With A Dentist's Local Rankings. NAP, Categories, Dashboard Data 1
S Serious False Negative Review Problem Local Reviews 20
Garrett Sussman Marketers: How to Help Your Clients With Customer Service. Seriously. Local Reviews 12
Margaret Ornsby Local Finder needs some serious work Google My Business & Google Maps 4
djbaxter Webinar Wordfence Live, Oct 27, 2020: How Secure is Your Hosting Provider? Events 0
djbaxter Security update Forum Software Updates and Technical Issues 3
djbaxter Xenforo Security patch - upgraded just now Admin Stuff 0
B Google Search Console Security Issue Local Search 10
P Security Services Chicago, IL Recycle Bin 0
djbaxter Critical security flaw in WordPress Jetpack plugin Websites, Software, and Security 0
U Google My Business Listing website not secure? Google My Business & Google Maps 9
djbaxter Security Warning for Gmail and Calendar Users Websites, Software, and Security 0
djbaxter Security vulnerability in WordPress Slick Popup Plugin Websites, Software, and Security 1
djbaxter Stay current with the latest WordPress and Plugins Security Issues with this newsletter Websites, Software, and Security 0
djbaxter Google Chrome 70 will blare "Non-Secure Site" in red Websites, Software, and Security 0
djbaxter Security risk: Autofill in browsers except Firefox Break Room: Chat and Off Topic 4
djbaxter WordPress 4.4.1 Security and Maintenance Release Marketing 2
djbaxter The WordPress Security Learning Center from Wordfence Websites, Software, and Security 3
djbaxter WordPress 4.2.2 Security and Maintenance Release Websites, Software, and Security 1
djbaxter Critical WordPress 4.2.1 Security Release Websites, Software, and Security 2
HurricaneK8 Google Starts Giving A Ranking Boost To Secure HTTPS/SSL Sites Organic SEO 14
djbaxter WordPress 3.5.2 Maintenance and Security Release Websites, Software, and Security 0
S Securing Client Reviews Local Reviews 2
djbaxter Fixed: Security Vulnerability in W3 Total Cache plugin in for WordPress Websites, Software, and Security 1
djbaxter Webmaster Tools and Google Analytics: Dangerous Security Flaw? Websites, Software, and Security 3
W Located in issues NAP, Categories, Dashboard Data 3
JamesGreenaway Map pin showing competitor and also direction issues Google My Business & Google Maps 3
E Issues with managing business pages on Facebook Citations 3
dateinadash Will changing https:// to https://www cause an issue with rankings? Organic SEO 3
dateinadash This location has been suspended due to quality issues - going round in circles! Please help? Google My Business & Google Maps 2
NevenaIvanova Brand Visibility Issue Caused by Building Entity Google My Business & Google Maps 2
J ISSUE: We are not accepting new registrations Contact Us Messages 1
djbaxter Warning issued to adta Warnings and Bans 0
A Google My Business Provider Program API Access İssues Recycle Bin 0
AndiFox GSC issues? (Flatliners) Local Search 2
djbaxter Warning issued to TraceyTaylorwnS Warnings and Bans 0
H Issues with downloading locations - bulk verified account Google My Business & Google Maps 2
djbaxter Warning issued to blanka_polkadot Warnings and Bans 0
C Issue on Mobile Forum Tech Support 1
A Big Issue with Google Map Rankings For Everyone Local Search 9
PKLilikoi "Redirect Notice" in Google causing Toxic Link issue in Tools Organic SEO 3
W Listing Claiming Issue Google Local 101 6
L Issues With Bulk Verification for Enterprise Organization Multi-Location Issues 1
djbaxter Warning issued to FatSniper Warnings and Bans 0
rossdunn Odd Issue with Practitioner Listing All Things Google My Business [PRIVATE] (LocalU) 3
JoyHawkins [Technical Issue] Don't Change the Address on Service Area Business Listings Google News: Important Changes & Features 5
NickB-Tampa Issues with transferring GMB listings Google My Business & Google Maps 2
melinaedealer Separate Department Listing Issues Multi-Location Issues 2
J Advice Needed - GMB Listing Visibility Issues Help & Support for Google Local 7

Similar threads

Login / Register

Already a member?   LOG IN
Not a member yet?   REGISTER

Most UpVoted Answers

Trending: Most Viewed

LocalU Podcasts

  Promoted Posts

New advertising option: A review of your product or service posted by a Sterling Sky employee. This will also be shared on the Sterling Sky & LSF Twitter accounts, our Facebook group, LinkedIn, and both newsletters. More...
Google Product Exert


Top Bottom