Hackers exploit WordPress GDPR Plug-In

A WordPress plug-in used to help with GDPR compliance contains a dangerous privilege escalation vulnerability that attackers have been actively exploiting to compromise websites.

The popular WP GDPR Compliance plug-in helps site owners comply with Europe’s General Data Protection Regulation by providing tools through which site visitors can consent to the use of their personal data or request the data the website’s database holds about them.

The bug lies in the plug-in’s handling of requests to “wp-admin/admin-ajax.php”. When exploited, the vulnerability “allows unauthenticated users to execute any action and to update any database value.” Attackers used this to add new administrator accounts to affected sites and seize full control of them, from which they could redirect visitors or install malware. The plug-in normally handles the access and deletion requests that GDPR compliance requires, but versions before the patch do not properly sanitize the ‘save_setting’ action. Because of that, an attacker can inject arbitrary commands, which are stored until the plug-in reaches its ‘do_action()’ call.
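To make the class of bug concrete, here is an added illustration of what an admin-ajax settings handler looks like when it trusts the request, beside a hardened version. It is not the WP GDPR Compliance plug-in’s own code; the `gdpr_demo_*` names and option keys are invented, and the handler assumes it is loaded inside WordPress, where the functions it calls (`check_ajax_referer`, `current_user_can`, `update_option`, and so on) are defined.

```php
<?php
// Added illustration, not the plug-in's code. Names prefixed gdpr_demo_ are
// hypothetical. Runs only inside WordPress, which dispatches admin-ajax actions.

/*
 * Anti-pattern matching the article's description: the action is registered
 * for anonymous visitors (wp_ajax_nopriv_), performs no capability or nonce
 * check, and hands a caller-chosen option name and value straight to
 * update_option(). Every wp_options row, siteurl and home included, becomes
 * writable by anyone who can reach admin-ajax.php.
 *
 *   add_action('wp_ajax_nopriv_gdpr_demo_save_setting', function () {
 *       update_option($_POST['option'], $_POST['value']);
 *   });
 */

// Hardened handler: only these option names may be written through this
// action, each paired with the sanitizer applied to its value.
const GDPR_DEMO_ALLOWED_SETTINGS = [
    'gdpr_demo_consent_text' => 'sanitize_textarea_field',
    'gdpr_demo_privacy_page' => 'absint',
];

function gdpr_demo_save_setting() {
    // 1. CSRF: the request must carry a nonce issued by our own settings page.
    check_ajax_referer('gdpr_demo_save_setting', 'nonce');

    // 2. Authorization: an anonymous or low-privilege user must never reach
    //    update_option(); this is the check whose absence lets anyone write.
    if (!current_user_can('manage_options')) {
        wp_send_json_error('forbidden', 403);
    }

    $name  = isset($_POST['setting']) ? sanitize_key(wp_unslash($_POST['setting'])) : '';
    $value = isset($_POST['value'])   ? wp_unslash($_POST['value']) : '';

    // 3. Allowlist: reject option names the plug-in does not own, so core
    //    options such as siteurl, home, default_role or users_can_register
    //    are unreachable through this endpoint.
    if (!array_key_exists($name, GDPR_DEMO_ALLOWED_SETTINGS)) {
        wp_send_json_error('unknown setting', 400);
    }

    // 4. Sanitize the value for its specific type before it is stored.
    $sanitizer = GDPR_DEMO_ALLOWED_SETTINGS[$name];
    update_option($name, call_user_func($sanitizer, $value));
    wp_send_json_success(['saved' => $name]);
}

// Registered for logged-in users only: a write action gets no wp_ajax_nopriv_ hook.
add_action('wp_ajax_gdpr_demo_save_setting', 'gdpr_demo_save_setting');
```

The three layers are independent: the nonce stops cross-site requests from a logged-in admin’s browser, the capability check stops unauthenticated and low-privilege callers, and the allowlist limits the damage even if the first two are ever bypassed.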

The bug was discovered by the WordPress.org Plugin Directory Team on Nov. 6 and patched the next day in version 1.4.3, and the plug-in’s more than 100,000 users were urged to update as soon as possible to avoid being attacked.

Exploited sites had their site URLs changed to “hxxp://erealitatea[.]net”. A curated Google search suggests that approximately 7,600 sites were affected. The malicious site appears to have been taken down, but when administrators and users try to interact with the affected WordPress sites, most of them fail to load at all or crash when administrators attempt to edit them.

Website owners hit by the redirection attack can fix the changed URL setting by manually editing the site’s wp_options database table. It is also recommended that they disable user registrations, ensure that the default user role is not set to Administrator, and enable a web application firewall.
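The clean-up steps above, as an added example that is not part of the article: it audits and repairs the wp_options rows named in the article (the rewritten site URL, open registration, an Administrator default role) and lists administrator accounts registered after a cutoff date, which is where attacker-added admins would show up. The data is constructed and held in an in-memory SQLite database so the script runs stand-alone; the expected site URL and the cutoff date are assumptions, and against a real site the DSN would point at the MySQL database instead.

```php
<?php
// Added example, not from the article. Constructed data in SQLite so it runs
// stand-alone; swap the DSN for the site's MySQL database in real use.

$expectedSiteUrl = 'https://example.com';  // assumption: the site's real URL
$redirectIoc     = 'erealitatea.net';       // domain named in the article
$cutoff          = '2018-11-06 00:00:00';   // assumption: disclosure date, flags admins created after it

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_options (option_name TEXT PRIMARY KEY, option_value TEXT)');
$db->exec('CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_registered TEXT)');
$db->exec('CREATE TABLE wp_usermeta (user_id INTEGER, meta_key TEXT, meta_value TEXT)');

// Constructed rows mimicking a site hit by the redirect described above.
$db->exec("INSERT INTO wp_options VALUES
    ('siteurl', 'http://erealitatea.net'), ('home', 'http://erealitatea.net'),
    ('users_can_register', '1'), ('default_role', 'administrator')");
$db->exec("INSERT INTO wp_users VALUES
    (1, 'owner', '2017-03-01 10:00:00'), (2, 'gdpr-helper', '2018-11-08 03:12:44')");
$db->exec("INSERT INTO wp_usermeta VALUES
    (1, 'wp_capabilities', 'a:1:{s:13:\"administrator\";b:1;}'),
    (2, 'wp_capabilities', 'a:1:{s:13:\"administrator\";b:1;}')");

/** Options that look tampered with, keyed by option name (empty when clean). */
function audit_options(PDO $db, string $expectedSiteUrl, string $ioc): array {
    $findings = [];
    $rows = $db->query("SELECT option_name, option_value FROM wp_options
        WHERE option_name IN ('siteurl', 'home', 'users_can_register', 'default_role')")
        ->fetchAll(PDO::FETCH_KEY_PAIR);
    foreach (['siteurl', 'home'] as $key) {
        $value = $rows[$key] ?? '';
        if ($value !== $expectedSiteUrl || stripos($value, $ioc) !== false) {
            $findings[$key] = $value;
        }
    }
    if (($rows['users_can_register'] ?? '0') === '1') {
        $findings['users_can_register'] = $rows['users_can_register'];
    }
    if (($rows['default_role'] ?? '') === 'administrator') {
        $findings['default_role'] = $rows['default_role'];
    }
    return $findings;
}

/** The manual wp_options edit the article describes, done with prepared statements. */
function repair_options(PDO $db, string $expectedSiteUrl): void {
    $stmt = $db->prepare('UPDATE wp_options SET option_value = ? WHERE option_name = ?');
    foreach ([
        ['siteurl', $expectedSiteUrl], ['home', $expectedSiteUrl],
        ['users_can_register', '0'], ['default_role', 'subscriber'],
    ] as [$name, $value]) {
        $stmt->execute([$value, $name]);
    }
}

/** Administrator accounts registered after the cutoff: review and remove any you did not create. */
function recent_admins(PDO $db, string $cutoff): array {
    $stmt = $db->prepare("SELECT u.user_login, u.user_registered
        FROM wp_users u JOIN wp_usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = 'wp_capabilities'
          AND m.meta_value LIKE '%\"administrator\"%'
          AND u.user_registered > ?");
    $stmt->execute([$cutoff]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

print_r(audit_options($db, $expectedSiteUrl, $redirectIoc)); // four tampered options
print_r(recent_admins($db, $cutoff));                         // the 'gdpr-helper' account
repair_options($db, $expectedSiteUrl);
print_r(audit_options($db, $expectedSiteUrl, $redirectIoc)); // empty after repair
```

On a multisite or prefixed installation the table names carry the configured prefix rather than `wp_`, and the capability meta key becomes `<prefix>capabilities`; adjust both before running the queries against production data.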
