WordPress GDPR Compliance plugin flaw exploited to plant backdoors

Update the WP GDPR Compliance plugin to version 1.4.3 or later right now.

Security researchers have identified a critical vulnerability in WP GDPR Compliance, a popular plugin with more than 100,000 active installations that helps website owners comply with the European Union's General Data Protection Regulation (GDPR), which became enforceable on May 25th, 2018.

The vulnerability, discovered by researchers at Wordfence, is a privilege-escalation flaw: it lets unauthenticated attackers change WordPress settings they should never be able to touch. In the attacks observed so far, that was used to gain full administrator access to the affected installation, install backdoor scripts, and then use the compromised site to attack other vulnerable sites.


The plugin is developed by Van Ons, a web design agency from the Netherlands, which fixed the vulnerability in version 1.4.3, released on November 7th, 2018, after a growing number of users reported that their sites had been compromised through the WP GDPR Compliance plugin.

The plugin was temporarily removed from the WordPress.org plugin directory while the fix was prepared; at the time of publishing this article it had been reinstated. Note that any installation still running version 1.4.2 or earlier remains at risk.

If you run this plugin, update it immediately and then scan your site for malicious scripts, rogue administrator accounts and any other changes the attackers may have left behind; updating alone does not remove a backdoor that is already installed.

“In several of the cases we’ve triaged since the disclosure of this vulnerability, we’ve seen malicious administrator accounts present with the variations of the username t2trollherten. This intrusion vector has also been associated with uploaded webshells named wp-cache.php. While these are common IOCs (Indicators of Compromise), these exploits are of course subject to change as attacks grow in sophistication,” wrote Mikey Veenstra of Wordfence in the company's blog post.
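The indicators above can be turned into a quick triage check. The shell functions below are an added example, not code from this article or from Wordfence. They look for administrator logins containing the "trollherten" stem (the assumption here is that the stem is the stable part of the reported username variations), for wp-cache.php files planted anywhere in the docroot, and for the option change the flaw was used for in this campaign: open user registration (users_can_register set to 1) combined with administrator as the default role. The live commands in the comments assume WP-CLI is installed on the server; the demo at the bottom runs against constructed input so it needs neither WordPress nor WP-CLI.

```shell
#!/usr/bin/env bash
# Added triage helpers for the WP GDPR Compliance incident (example code, not from
# the article or from Wordfence). Three checks, matching the reported IOCs:
#   1. administrator logins matching the reported "t2trollherten" pattern,
#   2. wp-cache.php files planted in the docroot,
#   3. users_can_register=1 together with default_role=administrator.
# Assumption: "trollherten" is the stable stem of the reported username variations.

# Read user logins on stdin (one per line) and print those matching the pattern.
# Live: wp user list --role=administrator --field=user_login | suspicious_admins
suspicious_admins() {
    grep -iE 'trollherten' || true   # grep exits 1 on no match; not an error here
}

# Print every wp-cache.php under the docroot, skipping the copy that WP Super Cache
# legitimately ships inside its own plugin directory (a known false positive).
# Live: find_webshell_candidates /var/www/html
find_webshell_candidates() {
    local docroot="$1"
    find "$docroot" -type f -name 'wp-cache.php' \
        ! -path '*/wp-content/plugins/wp-super-cache/*'
}

# Return 0 (true) when registration is open and new users become administrators,
# the state the attackers forced through the vulnerable plugin.
# Live: registration_misconfigured "$(wp option get users_can_register)" \
#                                  "$(wp option get default_role)"
registration_misconfigured() {
    local can_register="$1" default_role="$2"
    if [ "$can_register" = "1" ] && [ "$default_role" = "administrator" ]; then
        return 0
    fi
    return 1
}

# Stand-alone demonstration against constructed input (no WordPress needed).
demo() {
    local tmp
    tmp=$(mktemp -d)
    mkdir -p "$tmp/wp-content/plugins/wp-super-cache" "$tmp/wp-content/uploads"
    : > "$tmp/wp-content/plugins/wp-super-cache/wp-cache.php"   # legitimate copy
    : > "$tmp/wp-content/uploads/wp-cache.php"                   # planted (constructed)

    echo "suspicious administrator logins:"
    # constructed user list standing in for `wp user list` output
    printf 'admin\nt2trollherten\neditor1\nT3TrollHerten\n' | suspicious_admins

    echo "wp-cache.php candidates:"
    find_webshell_candidates "$tmp"

    # constructed option values standing in for `wp option get` output
    if registration_misconfigured 1 administrator; then
        echo "open registration with administrator default role: reset these options"
    fi
    rm -rf "$tmp"
}

demo
```

On a real site, run the live commands from the docroot as the web user, review every account the first check prints together with its registration date, inspect (do not just delete) any wp-cache.php the second check finds so the entry point is understood, and reset the two options if the third check fires. A clean result from these three checks is not proof of a clean site; they only cover the indicators reported so far.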

This is not the first time a popular WordPress plugin has been used to push backdoors onto sites. In October 2017, three popular plugins, Appointments, Flickr Gallery and RegistrationMagic-Custom Registration Forms, were found to contain a backdoor after changing ownership, putting over 21,000 websites at risk.

In December of the same year, the WordPress Captcha plugin was likewise found to contain a backdoor, putting more than 300,000 sites at risk.
