About three weeks ago, users of a popular WordPress plugin that aims to make GDPR compliance easier noticed that their sites were being compromised. It turns out that the plugin, prior to version 1.4.3, was vulnerable to an attack that allowed hackers to gain control over their websites. The plugin has since been patched, but users who haven't yet installed the update are risking their website, their users' data and - somewhat ironically - a fine from the Information Commissioner's Office (ICO) for not holding their users' data securely.
The plugin is one of the most popular GDPR-type plugins with over 100,000 active installs.
Initial reports about hacked sites were made in a different plugin's support forum, but that plugin had actually been installed as a second-stage payload on some of the hacked sites - very sneaky! Investigating, the WordPress security team traced the source of the hacks back to WP GDPR Compliance, which was the one plugin installed on all of the reported compromised sites.
The WordPress team removed the plugin from the official Plugins directory earlier this week, and it was reinstated two days ago after its authors released a patched version (v1.4.3).
Unfortunately, despite the availability of the fix, attacks are still being made on sites that haven't yet updated. Security analysts have reported that they're still detecting attacks that try to exploit one of the plugin's security issues.
Currently, the attackers don't seem to be doing anything malicious with the hacked sites, according to Wordfence, a top security plugin author for WordPress. But to be honest, it's only a matter of time.
Site owners using an outdated version of the WP GDPR Compliance plugin should update it or remove it from their sites, and clean up any backdoors that have been left behind; otherwise their site could be the cause of spreading a whole lot of misery.