
WP GDPR Plugin Hacked – Update Immediately

The popular WP GDPR Compliance plugin has a serious vulnerability. Any version lower than 1.4.3 is vulnerable. Hackers are actively targeting this plugin, and sites are being hacked as of this writing. It is highly recommended that you update now.

Hacking Season 2018

It’s been my anecdotal observation for the past several years that hacking-related events tend to increase in the months leading up to Christmas. Hacking-related bot activity seems to increase beginning in November. I believe the reason hack bots probing for vulnerabilities increase is that criminals are targeting holiday shoppers.

These hacking bots are not restricted to WordPress sites; there are bots attacking every kind of CMS. If your CMS or server software is out of date, there is a strong possibility that your site has been compromised, whichever CMS you run.

According to my traffic logs, all kinds of software are being probed for vulnerabilities.

How Bad is the GDPR Plugin Hack?

This vulnerability is as bad as they get. Sites are actively being targeted.

For example, a Facebook user shared the following screenshot of his hacked site. The screenshot shows that hackers were able to create two administrator-level users on his website.

Screenshot of a WordPress control panel showing hackers with admin privileges.

An administrator-level user can do anything they want on a WordPress website. The Facebook user confirmed that this site used the WP GDPR Compliance plugin.

This victim related that the hacking appeared to be automated. The hackers had not yet installed back doors or rogue pages.

He removed the rogue administrator accounts. Then he removed his old WordPress installation, installed a fresh copy and updated the plugin. The site was soon back online, free of the effects of the hack.

It appears that the hackers may be employing bots whose role is limited to breaking into WordPress sites through the WP GDPR Compliance plugin vulnerability and registering admin accounts; the rogue web pages come later. Nevertheless, it’s important to update this plugin as soon as possible.

What is the WordPress GDPR Hack?

According to the WPScan Vulnerability Database, the vulnerability allows a hacker to do whatever they want with the site. Here is what the Vulnerability Database relates:

“The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value.”

Update WP GDPR Plugin

Update your plugin to the fixed version, 1.4.3 (or higher if available). Any version lower than 1.4.3 may be vulnerable. Note that updating closes the hole but does not undo anything already done through it: if the site was running a vulnerable version while these attacks were under way, also check the user list for administrator accounts you did not create, as the victim above had to.

Read the WPScan Vulnerability Database entry here:
https://wpvulndb.com/vulnerabilities/9144

Download the fixed plugin here:
https://wordpress.org/plugins/wp-gdpr-compliance/
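As an added example (mine, not code from the article, the plugin or the WP-CLI project), here is a small triage script for the two things the article tells you to do: confirm the installed WP GDPR Compliance version is at or above 1.4.3, and find administrator accounts (and, since the article says rogue pages tend to follow, pages) that appeared after a cutoff date you choose. It assumes WP-CLI is installed and the script is run from the WordPress root; when WP-CLI is not present it runs on constructed sample data, and the usernames, page titles and dates in that sample are made up for illustration.

```shell
#!/bin/sh
# Added triage helper for the WP GDPR Compliance incident; not part of the article or the plugin.
# Check 1: is the installed plugin version below the first fixed release, 1.4.3?
# Check 2: which administrators (and pages) appeared after a cutoff date?
# Uses WP-CLI when available (assumed to be on PATH, run from the WordPress root);
# otherwise it runs on the constructed sample data below.

FIXED_VERSION=1.4.3   # first fixed release named in the article

# version_lt A B: exit 0 if version A sorts numerically below B, so 1.4.10 is NOT below 1.4.3.
# A plain string comparison gets that case wrong, which is why the components are walked.
version_lt() {
  a=$1; b=$2
  while [ -n "$a" ] || [ -n "$b" ]; do
    ai=${a%%.*}; bi=${b%%.*}
    case $a in *.*) a=${a#*.};; *) a=;; esac
    case $b in *.*) b=${b#*.};; *) b=;; esac
    ai=${ai%%[!0-9]*}; bi=${bi%%[!0-9]*}   # drop suffixes such as "-beta"
    ai=${ai:-0}; bi=${bi:-0}               # a missing component counts as 0
    [ "$ai" -lt "$bi" ] && return 0
    [ "$ai" -gt "$bi" ] && return 1
  done
  return 1
}

# plugin_status VERSION: one-line verdict for the installed plugin version.
plugin_status() {
  if version_lt "$1" "$FIXED_VERSION"; then
    echo "VULNERABLE: WP GDPR Compliance $1 is below $FIXED_VERSION, update now"
  else
    echo "OK: WP GDPR Compliance $1 is at or above $FIXED_VERSION"
  fi
}

# rows_since CUTOFF: read CSV rows "ID,name,date" on stdin (the shape WP-CLI prints with
# --format=csv) and print, tab-separated, the rows whose date is at or after CUTOFF.
# WordPress stores dates as "YYYY-MM-DD HH:MM:SS", so a lexical comparison is a correct
# time order. Limitation: a quoted name containing a comma would shift the fields.
rows_since() {
  cutoff=$1
  while IFS=, read -r id name date; do
    [ "$id" = "ID" ] && continue      # skip the CSV header line
    if expr "$date" \>= "$cutoff" >/dev/null; then
      printf '%s\t%s\t%s\n' "$id" "$name" "$date"
    fi
  done
}

# Constructed sample data standing in for WP-CLI output on a site hit the way the article
# describes (two admin accounts created by a bot, one rogue page). Names and dates are invented.
SAMPLE_ADMINS='ID,user_login,user_registered
1,siteowner,2016-03-02 10:22:41
57,wp_svc_7xk,2018-11-09 03:14:07
58,wp_svc_7xl,2018-11-09 03:14:09'
SAMPLE_PAGES='ID,post_title,post_date
12,About Us,2016-03-05 09:00:00
311,Cheap Watches,2018-11-10 22:41:53'

# triage CUTOFF: plugin verdict, then administrators and pages that appeared since CUTOFF.
triage() {
  cutoff=$1
  if command -v wp >/dev/null 2>&1; then
    if ver=$(wp plugin get wp-gdpr-compliance --field=version 2>/dev/null); then
      plugin_status "$ver"
    else
      echo "WP GDPR Compliance is not installed on this site"
    fi
    echo "Administrators registered since $cutoff:"
    wp user list --role=administrator --fields=ID,user_login,user_registered --format=csv | rows_since "$cutoff"
    echo "Pages created since $cutoff:"
    wp post list --post_type=page --fields=ID,post_title,post_date --format=csv | rows_since "$cutoff"
  else
    plugin_status 1.4.2            # sample: the last vulnerable version
    echo "Administrators registered since $cutoff:"
    printf '%s\n' "$SAMPLE_ADMINS" | rows_since "$cutoff"
    echo "Pages created since $cutoff:"
    printf '%s\n' "$SAMPLE_PAGES" | rows_since "$cutoff"
  fi
}

triage "2018-11-01"
```

Pick the cutoff from when the site was last known good; every administrator the script lists that you did not create yourself should be removed, and the pages listed reviewed, before or alongside the plugin update. The numeric version comparison matters because a future 1.4.10 would otherwise be reported as older than 1.4.3.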

Images by Shutterstock, Modified by Author
Screenshots by Author, Modified by Author

By Roger Montti, SEJ Staff, owner of Martinibuster.com