djbaxter

A serious security flaw was discovered a couple of days ago in the WordPress plugin WP GDPR. WordPress grave-yarded the plugin as soon as this was made known to them and the plugin was updated the same day with a fix.

However, if you are not using auto-updates on your plugins (note: you absolutely should be!), you may still be using the older version, putting you at risk. You need to ensure that you are running version 1.4.3. If you are still running any earlier version, update now!

WP GDPR Plugin Hacked - Update Immediately
By Roger Montti, Search Engine Journal
November 12, 2018

The popular WP GDPR Compliance plugin has a serious vulnerability. Any version less than 1.4.3 is vulnerable. Hackers are actively targeting this plugin. Sites are being hacked as of this writing. It is highly recommended to update now.

How Bad is the GDPR Plugin Hack?
This vulnerability is as bad as they get. Sites are actively being targeted.

For example, a Facebook user shared the following screenshot of their hacked site. The screenshot shows that hackers were able to create two Administrator level users on his website.

Screenshot of a WordPress control panel showing hackers with admin privileges.

An administrative level user is able to do anything they want on a WordPress website. The Facebook user confirmed that this site used the WP GDPR Compliance plugin.

This victim related that the hacking appeared to be automated. The hackers had not yet installed backdoors and rogue pages. He removed the rogue administrator accounts. Then he removed his old WordPress installation and installed a fresh version and updated the plugin. The site was soon back online free of the hacking effects.

It appears that the hackers may be employing bots whose role is limited to hacking WordPress sites through the WP GDPR vulnerability then registering admin accounts. It is later on that they set about creating rogue web pages. Nevertheless, it’s important to update this plugin as soon as possible.

Read more...
 
The one mentioned above is pretty good, now that the security issue is fixed. And give them credit - they fixed it in less than a day.
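An added example, not part of the thread or of the plugin's code: a bash audit for the two things the first post describes, a plugin version older than 1.4.3 and administrator accounts that appeared recently. The function names, the cutoff date and the sample data are assumptions; the CSV layout assumed is the output of `wp user list --role=administrator --fields=user_login,user_registered --format=csv`.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. 1.4.3 is the fixed release named in the post.
FIXED_VERSION="1.4.3"

# Print the first "Version:" value found in a plugin's main PHP file header.
plugin_version() {
  sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9A-Za-z.-]*\).*/\1/p' "$1" | head -n 1
}

# Exit 0 only when version $1 sorts strictly before the fixed release.
# An empty (undetermined) version exits 1; audit_site reports it as UNKNOWN.
is_vulnerable() {
  [ -n "$1" ] && [ "$1" != "$FIXED_VERSION" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)" = "$1" ]
}

# Read CSV (header row, then "user_login,user_registered" rows) on stdin and
# print the logins registered on or after the date in $1 (YYYY-MM-DD).
recent_admins() {
  awk -F, -v since="$1" 'NR > 1 && substr($2, 1, 10) >= since { print $1 }'
}

# Report for one site: $1 = plugin main file, $2 = admin CSV, $3 = cutoff date.
audit_site() {
  local version
  version="$(plugin_version "$1")"
  if [ -z "$version" ]; then
    echo "UNKNOWN: no Version header in $1"
  elif is_vulnerable "$version"; then
    echo "VULNERABLE: $version is older than $FIXED_VERSION, update now"
  else
    echo "OK: $version"
  fi
  recent_admins "$3" < "$2" | sed 's/^/REVIEW ADMIN: /'
}

# Constructed sample data (not from a real site), used when run without arguments.
demo() {
  local d; d="$(mktemp -d)"
  printf '<?php\n/*\n * Plugin Name: Sample\n * Version: 1.4.2\n */\n' > "$d/plugin.php"
  printf 'user_login,user_registered\nowner,2015-03-02 10:00:00\nnewadmin1,2018-11-08 04:12:33\n' > "$d/admins.csv"
  audit_site "$d/plugin.php" "$d/admins.csv" 2018-11-01
  rm -rf "$d"
}

if [ "$#" -eq 3 ]; then audit_site "$@"; else demo; fi
```

Any login printed as REVIEW ADMIN still needs a human decision: a recent registration date alone does not prove the account is rogue.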