Home > Cyber News > WP GDPR Compliance Plugin Vulnerabilities Exploited in Attacks

WP GDPR Compliance Plugin Vulnerabilities Exploited in Attacks

Have you been using the WordPress GDPR plugin called WP GDPR Compliance? Be cautious – the plugin has been hacked.

The WP GDPR Compliance plugin enables website owners to include a checkbox to their websites that allows visitors to grant permission. The plugin also allows users to request copies of the data that the particular WordPress website collects.

According to Wordfence researchers, the plugin has been compromised and was removed from the WordPress plugin repository yesterday. However, the plugin developers released version 1.4.3 of its product which patched the critical vulnerabilities. Currently, the plugin’s status is reinstated and has over 100,000 active installations.

Related: [wplinkpreview url=”https://sensorstechforum.com/make-website-gdpr-compliant/”]How to Make Your Site GDPR Compliant: The Ultimate Guide

WP GDPR Compliance Plugin Vulnerabilities Explained

According to Wordfence, the vulnerabilities allowed unauthenticated attackers to achieve privilege escalation, which could allow them to further infect vulnerable WordPress sites.

In technical terms, WP GDPR Compliance plugin is meant to handle a few types of actions which can be submitted via WordPress’s admin-ajax.php functionality. These actions usually include making data access requests, data deletion requests, but there’s also the functionality to change the plugin’s settings using the WordPress admin dashboard.

It appears that vulnerable versions of the plugin (up to and including version 1.4.2) fail to do capability checks when executing its internal action save_setting to make such configuration changes. If a threat actor submits arbitrary options and values to this endpoint, the input fields will be stored in the options table of the affected site’s database, Wordfence said, adding that:

In addition to the storage of arbitrary options values, the plugin performs a do_action() call using the provided option name and value, which can be used by attackers to trigger arbitrary WordPress actions.

The vulnerability has been reported as two separate flaws: an arbitrary options update bug and an arbitrary action calls bug. Nonetheless, both of the exploits are residing in the same block of code and executed with the same payload, meaning that they can be treated as a single privilege escalation vulnerability.

Related: [wplinkpreview url=”https://sensorstechforum.com/wordpress-site-owners-targeted-global-phishing-scam/”]WordPress Site Owners Targeted by Global Phishing Scam

As indicated by reports, the WP GDPR Compliance plugin vulnerability has been leveraged in the wild. In some of the cases, the ability to update arbitrary options values has been used to install new administrator accounts onto the impacted WordPress sites.

In several of the cases we’ve triaged since the disclosure of this vulnerability, we’ve seen malicious administrator accounts present with the variations of the username t2trollherten. This intrusion vector has also been associated with uploaded webshells named wp-cache.php, Wordfence said.

Website owners that have implemented this plugin should immediately update to the latest version (version 1.4.3) that has been patched against the described attacks.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree