The popular WP GDPR Compliance plugin Plugin has a serious vulnerability.Any version less than 1.4.3 is vulnerable. Hackers are actively targeting this plugin. Sites are being hacked as of this writing. It is highly recommended to update now.
Hacking Season 2018
It’s been my anecdotal observation for the past several years that hacking related events tend to increase in the months leading up to Christmas. Hacking related bot activity seems to increase beginning in November. I believe that the reason hack bots probing for vulnerabilities increase is because criminals are targeting holiday shoppers.
These hacking bots are not restricted to WordPress sites. There are hacking bots attacking every kind of CMS. If your CMS or server software is out of date, there is a strong possibility that your site has been compromised, regardless of the CMS.
According to my traffic logs, all kinds of software is being tested for vulnerabilities.
How Bad is the GDPR Plugin Hack?
This vulnerability is as bad as they get. Sites are actively being targeted.
For example, a Facebook user shared the following screenshot of their hacked site. The screenshot shows that hackers were able to create two Administrator level users on his website.
An administrative level user is able to do anything they want on a WordPress website. The Facebook user confirmed that this site used the WP GDPR Compliance plugin.
This victim related that the hacking appeared to be automated. The hackers had not yet installed backdoors and rogue pages yet.
He removed the rogue administrator accounts. Then he removed his old WordPress installation and installed a fresh version and updated the plugin. The site was soon back online free of the hacking effects.
It appears that the hackers may be employing bots whose role is limited to hacking WordPress sites through the WP GDPR vulnerability then registering admin accounts. It is later on that they set about creating rogue web pages. Nevertheless, it’s important to update this plugin as soon as possible.
What is the WordPress GDPR Hack?
According to the WPScan Vulnerability Database, the vulnerability allows a hacker to do whatever they want with the site. Here is what the Vulnerability Database relates:
“The plugin WP GDPR Compliance allows unauthenticated users to execute any action and to update any database value.”
Update WP GDPR Plugin
Update your plugin to the fixed version, 1.4.3 (or higher if available). Any version less than 1.4.3 may be vulnerable.