WordPress Exploit in GDPR Plugin Puts 100,000 Websites at Risk
- June 7, 2021
- 4:31 pm
- No Comments
More than 100,000 websites were affected by a vulnerability in a WordPress plugin that was designed to help site owners comply with the General Data Protection Regulation (GDPR).
Researchers from Wordfence also reported evidence of attacks in which malicious third parties installed their own administrator accounts on various sites. Though the full scope of how cybercriminals might use this access is unknown, it could enable them to install malware and hijack sites to use in phishing schemes.
The plugin, called WP GDPR Compliance, was initially removed from a plugin repository after the WordPress exploit was discovered. A patched version has since been made available.
WordPress Exploit Enables Attackers to Hijack Websites
WP GDPR Compliance was created to address some requirements in the legislation around requests for data access and how data is deleted from WordPress-hosted sites. A bug in the system that registers new users, however, enables threat actors to create their own accounts. This gives them full privileges to control what happens on the site and lets them cover their tracks by disabling the same feature and locking out legitimate site owners.
A second use of the WordPress exploit involves manipulating WP-Cron, the plugin’s task scheduler, which enables attackers to create other entry points through which to take control of a site.
This WordPress exploit affects WP GDPR Compliance versions up to and including 1.4.2. The patched version, 1.4.3, is now available within the WordPress plugin repository.
How Can Site Owners Protect Their Accounts?
Along with theme directories, plugins are a highly popular avenue for attack on WordPress sites. According to IBM X-Force, for example, directory references to “plugins” were found in close to 40 percent of the WordPress URLs where malware or other files had been discovered.
The risks associated with the WP GDPR Compliance plugin reinforce the importance of proactive patching. However, security experts also suggest proactively scanning such sites for potential anomalies, which could include changes in files or, in this case, new admin accounts.
Related articles
Vendasta announces historic $119.5M round to revolutionize small business technology
Vendasta today announced C$119.5 million in financing to further accelerate the sales growth of its end-to-end e-commerce platform for companies who provide digital products and
Yext Launches Support Answers to Streamline Resolution Process for Customers and Agents
Yext, Inc. (NYSE: YEXT), the AI Search Company, today launched Support Answers, a suite of enterprise search solutions built for customer support teams. The launch
Vendasta announces inaugural Conquer Local Connect virtual event
Vendasta is proud to announce Conquer Local Connect, set to take place Thursday, June 24, 2021. The inaugural virtual event provides attendees with early access
Today is The Global Accessibility Awareness Day!
Thursday, May 20, 2021, marks the tenth Global Accessibility Awareness Day (GAAD). The purpose of GAAD is to get everyone talking, thinking, and learning about