Serious security issue with WP GDPR Compliance plugin: Update now!


djbaxter

Administrator
Joined
Jun 28, 2012
Messages
2,473
Likes
680
A serious security flaw was discovered a couple of days ago in the WordPress plugin WP GDPR. WordPress grave-yarded the plugin as soon as this was made known to them and the plugin was updated the same day with a fix.

However, if you are not using auto-updates on your plugins (note: you absolutely should be!), you may still be using the older version, putting you at risk. You need to ensure that you are running version 1.4.3. If you are still running any earlier version, update now!

WP GDPR Plugin Hacked - Update Immediately
By Roger Montti, Search Engine Journal
November 12, 2018

The popular WP GDPR Compliance plugin has a serious vulnerability. Any version less than 1.4.3 is vulnerable. Hackers are actively targeting this plugin. Sites are being hacked as of this writing. It is highly recommended to update now.

How Bad is the GDPR Plugin Hack?
This vulnerability is as bad as they get. Sites are actively being targeted.

For example, a Facebook user shared the following screenshot of their hacked site. The screenshot shows that hackers were able to create two Administrator level users on his website.

Screenshot of a WordPress control panel showing hackers with admin privileges.

An administrative level user is able to do anything they want on a WordPress website. The Facebook user confirmed that this site used the WP GDPR Compliance plugin.

This victim related that the hacking appeared to be automated. The hackers had not yet installed backdoors and rogue pages. He removed the rogue administrator accounts. Then he removed his old WordPress installation and installed a fresh version and updated the plugin. The site was soon back online free of the hacking effects.

It appears that the hackers may be employing bots whose role is limited to hacking WordPress sites through the WP GDPR vulnerability then registering admin accounts. It is later on that they set about creating rogue web pages. Nevertheless, it’s important to update this plugin as soon as possible.
 

djbaxter

The one mentioned above is pretty good, now that the security issue is fixed. And give them credit - they fixed it in less than a day.
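
The two checks the thread describes (is the installed version below 1.4.3, and are there administrator accounts you did not create), as an added example that is not part of the original posts or the article. The function names, the sample rows and the 2018-11-01 cutoff are assumptions; the CSV layout is what `wp user list --role=administrator --fields=user_login,user_email,user_registered --format=csv` produces.

```python
import csv
import io
import re
from datetime import datetime

FIXED_VERSION = (1, 4, 3)  # first fixed release, per the article quoted above


def parse_version(text):
    """Turn '1.4.2' into (1, 4, 2); missing parts count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(installed):
    # Compare numerically: as plain strings, "1.4.10" would sort before "1.4.3".
    return parse_version(installed) < FIXED_VERSION


def recent_admins(csv_text, since):
    """Return logins of administrators registered on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    flagged = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff:
            flagged.append(row["user_login"])
    return flagged


# Constructed sample data (not taken from any real site).
SAMPLE_ADMINS = """user_login,user_email,user_registered
siteowner,owner@example.com,2015-03-02 10:11:12
tempadmin01,x1@example.net,2018-11-08 03:14:15
tempadmin02,x2@example.net,2018-11-09 04:20:00
"""

if __name__ == "__main__":
    for version in ("1.4.2", "1.4.3", "1.4.10", "1.3"):
        print(version, "VULNERABLE" if is_vulnerable(version) else "ok")
    # Cutoff is an assumed date shortly before the reported attacks.
    print("review these accounts:", recent_admins(SAMPLE_ADMINS, "2018-11-01"))
```

Any login the second check returns that you do not recognise should be treated as a possible rogue administrator and reviewed before it is deleted.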
 
