Websites with the WordPress GDPR Compliance plugin installed are being hijacked by hackers. A vulnerability in the plugin is being exploited, allowing attackers to change site settings and register new user accounts with administrator rights.
The vulnerability can be exploited remotely by unauthenticated users, many of whom have automated exploitation in order to hijack as many sites as possible before the vulnerability is patched.
The vulnerability was discovered by security researchers at Defiant, who noted that in a number of attacks, after exploiting the vulnerability the attackers have patched
Compromised websites can be used for phishing and other scams, or exploit kits could be uploaded to the sites to silently download malware onto visitors' devices. An examination of compromised websites has not revealed any payload at this stage. Defiant researchers suggest that the initial goal is to compromise as many sites as possible before the vulnerability is patched. Compromised sites could be sold, or the attackers could be biding their time before the attack phase is launched.
After WordPress became aware that the WordPress GDPR Compliance plugin vulnerability was being actively exploited in the wild, the plugin was removed from the official WordPress plugin repository and the developer was notified. A new type of
Any website owner who has the WordPress GDPR Compliance plugin installed should make sure it is updated to version 1.4.3, which was released on November 7, 2018. Site owners should also check their sites for any sign of unauthorized modifications and verify that no new administrator accounts have been created.
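The checks recommended above can be scripted. The following is an added example, not code from the article or from the plugin: it assumes the user list was exported with WP-CLI (`wp user list --format=json`, assumed field names) and that a few site options were read with `wp option get`; the sample data is constructed and the `since` date is whatever date the site was last known to be clean.

```python
"""Defensive triage: flag unexpected administrator accounts and
registration settings on a WordPress site (assumed data shapes)."""
import json
from datetime import datetime

WP_DATE = "%Y-%m-%d %H:%M:%S"  # format WordPress uses in user_registered

# Constructed sample of `wp user list --format=json` output (assumed field names).
USERS_JSON = """[
 {"ID": "1", "user_login": "siteowner",   "user_registered": "2017-03-02 10:11:12", "roles": "administrator"},
 {"ID": "2", "user_login": "editor_jane", "user_registered": "2018-05-20 08:00:00", "roles": "editor"},
 {"ID": "3", "user_login": "wpadmin2",    "user_registered": "2018-11-08 02:14:55", "roles": "administrator"}
]"""

# Constructed sample of `wp option get <name>` results (real WordPress option names).
OPTIONS = {"users_can_register": "1", "default_role": "administrator"}


def find_unexpected_admins(users_json, known_admins, since):
    """Return logins of administrators that are not on the known-good list
    or were registered on/after `since` (a string in WP_DATE format)."""
    cutoff = datetime.strptime(since, WP_DATE)
    flagged = []
    for user in json.loads(users_json):
        if "administrator" not in user["roles"].split(","):
            continue
        registered = datetime.strptime(user["user_registered"], WP_DATE)
        if user["user_login"] not in known_admins or registered >= cutoff:
            flagged.append(user["user_login"])
    return flagged


def check_registration_settings(options):
    """Return findings for settings that let anyone register and land
    with elevated rights; both should be off/default on a hardened site."""
    findings = []
    if options.get("users_can_register") == "1":
        findings.append("users_can_register is enabled")
    role = options.get("default_role", "subscriber")
    if role != "subscriber":
        findings.append("default_role is %r, expected 'subscriber'" % role)
    return findings


if __name__ == "__main__":
    # Assumed: the site was last reviewed and known clean on 1 November 2018.
    print(find_unexpected_admins(USERS_JSON, {"siteowner"}, "2018-11-01 00:00:00"))
    print(check_registration_settings(OPTIONS))
```

Any login the first function returns, and any finding from the second, warrants a manual review before the plugin update is considered the end of the incident.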