The popular WP GDPR Compliance plugin for WordPress has a serious vulnerability. Every version below 1.4.3 is affected. Attackers are actively exploiting it, and sites are being compromised as of this writing, so it is highly recommended to update now.
Hacking Season 2018
Over the past several years, hacking activity has tended to rise in the months leading up to Christmas, with bot traffic related to hacking climbing from November onward. The likely reason is that criminals are targeting sites that serve holiday shoppers.
These bots are not limited to WordPress sites; they attack every kind of CMS. If your CMS or server software is outdated, whatever it is, there is a significant chance that your site has already been compromised.
Traffic logs show a wide range of software being probed for known vulnerabilities.
How Bad is the GDPR Plugin Hack?
This vulnerability is extremely severe. Sites are being actively targeted.
For instance, a Facebook user shared a screenshot of their hacked site. The screenshot shows that hackers managed to create two Administrator-level users on the website.
An administrative-level user can do anything they want on a WordPress website. The Facebook user confirmed this site used the WP GDPR Compliance plugin.
The victim reported that the attack appeared to be automated: the hackers had not yet installed backdoors or rogue pages.
He removed the rogue administrator accounts, replaced his old WordPress installation with a fresh copy and updated the plugin. The site was soon back online with no remaining signs of compromise.
It appears the attackers are using bots to exploit the WP GDPR Compliance vulnerability at scale, registering administrator accounts first and creating rogue pages later. That makes updating this plugin as soon as possible crucial, and it is worth checking the user list for administrator accounts you do not recognize even after updating.
What is the WordPress GDPR Hack?
According to the WPScan Vulnerability Database, the flaw lets an attacker take full control of the site. The database entry states:
“The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value.”
Update WP GDPR Plugin
Update your plugin to the fixed version, 1.4.3 (or higher if available). Every version below 1.4.3 is vulnerable. Updating closes the hole but does not undo changes an attacker has already made, so also review the site's administrator accounts and settings.
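The following triage script is an added example, not code from the plugin, WPScan or the article's author. It ties together the two checks the article points to: whether the installed plugin version is below 1.4.3, and whether rogue administrator accounts like the ones in the screenshot exist. It assumes you have already exported three things from the affected site: the header of the plugin's main PHP file, the wp_users rows joined with their wp_capabilities meta, and the wp_options rows named below. All sample data in it is constructed. The options check is an inference from the WPScan description (an attacker who can update any database value can enable open registration with an administrator default role); the article itself does not describe that technique.

```python
"""Post-incident triage for the WP GDPR Compliance flaw.

Added example, not code from the plugin, WPScan or the article. It assumes you
have already exported the plugin file header, the wp_users rows joined with
their wp_capabilities meta, and the wp_options rows named below. The sample
data here is constructed.
"""
import re
from datetime import datetime

FIXED_VERSION = (1, 4, 3)  # first version that closes the hole

# Constructed sample: the header block of wp-gdpr-compliance.php as WordPress
# reads it. Only the "Version:" line matters for this check.
PLUGIN_HEADER = """<?php
/*
Plugin Name: WP GDPR Compliance
Version: 1.4.2
*/
"""

# Constructed sample of wp_users rows joined with the wp_capabilities meta key.
# The real meta value is a PHP-serialized array, reproduced in that format.
USERS = [
    {"ID": 1, "user_login": "owner", "user_registered": "2016-03-02 10:11:12",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 7, "user_login": "jane_editor", "user_registered": "2017-06-14 08:00:00",
     "wp_capabilities": 'a:1:{s:6:"editor";b:1;}'},
    {"ID": 1452, "user_login": "support_admin1", "user_registered": "2018-11-08 03:14:07",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
    {"ID": 1453, "user_login": "support_admin2", "user_registered": "2018-11-08 03:14:09",
     "wp_capabilities": 'a:1:{s:13:"administrator";b:1;}'},
]

# Constructed sample of wp_options rows. An attacker who can "update any
# database value" can flip these two to mint admin accounts by self-registration
# (an inference from the WPScan description, not something the article states).
OPTIONS = {"users_can_register": "1", "default_role": "administrator"}

KNOWN_ADMINS = {"owner"}                # admins you created yourself (assumed)
INCIDENT_START = "2018-11-01 00:00:00"  # assumed start of the attack window


def parse_version(header: str) -> tuple:
    """Return the plugin version from its file header as an int tuple."""
    m = re.search(r"^\s*\*?\s*Version:\s*([\d.]+)", header, re.MULTILINE)
    if not m:
        raise ValueError("no Version: header found")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: tuple) -> bool:
    # Compare as integer tuples, not strings: "1.4.10" sorts below "1.4.3"
    # as text but is newer than the fix.
    return version < FIXED_VERSION


def roles_from_capabilities(serialized: str) -> set:
    """Extract role names set to true in a serialized wp_capabilities value."""
    return set(re.findall(r's:\d+:"([^"]+)";b:1;', serialized))


def rogue_admins(users, known_admins, since: str) -> list:
    """Administrators not on the allowlist, or created inside the attack window."""
    cutoff = datetime.strptime(since, "%Y-%m-%d %H:%M:%S")
    found = []
    for u in users:
        if "administrator" not in roles_from_capabilities(u["wp_capabilities"]):
            continue
        registered = datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S")
        if u["user_login"] not in known_admins or registered >= cutoff:
            found.append(u["user_login"])
    return sorted(found)


def risky_options(options: dict) -> list:
    """Flag registration settings that let anyone self-register as admin."""
    findings = []
    if options.get("users_can_register") == "1":
        findings.append("users_can_register is enabled")
    if options.get("default_role", "subscriber") != "subscriber":
        findings.append("default_role is %r, expected 'subscriber'" % options.get("default_role"))
    return findings


def triage(header=PLUGIN_HEADER, users=USERS, options=OPTIONS) -> dict:
    """Run all three checks and return the findings as one report."""
    version = parse_version(header)
    return {
        "plugin_version": version,
        "plugin_vulnerable": is_vulnerable(version),
        "rogue_admins": rogue_admins(users, KNOWN_ADMINS, INCIDENT_START),
        "option_findings": risky_options(options),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

On the sample data the report flags the plugin as vulnerable, lists the two administrator accounts registered on 8 November that are not on the allowlist, and reports both registration options as risky. Running it against a real export only requires replacing the constructed constants with the site's own data; the version comparison deliberately uses integer tuples so that a future 1.4.10 is not mistaken for a vulnerable release.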
Read the announcement for more details.
Download the fixed plugin for safety.
Images by Shutterstock, Modified by Author
Screenshots by Author, Modified by Author