A few days ago, WordFence published information about an actively exploited security vulnerability in a popular plugin for handling website compliance with RODO WP GDPR Compliance. Virtually any user can get administrator rights, and then hulaj soul. The error is in allowing users to activate their registration on the website and assigning them to a group of administrators. In practice, this means a complete takeover of the website. WordFence notes active exploitation of this vulnerability.

If you are using this extension on your site it is essential that you perform an update. Version 1.4.3 of this popular plugin has been released in the WordPress repository, which eliminates the dangerous vulnerability. Also review your users, as WordFence reports that if the vulnerability is exploited they have seen the creation of their accounts with related names to t2trollherten. So if you find a similar user and have the said plugin on board, you can be sure that the vulnerability has been exploited. If this is the case, be sure to update the plugin and remove such users. It's also worth taking a look at any files that may have appeared on your hosting account and if you spot something that shouldn't be there, delete it too. Do not forget to change your passwords.

Details can be found on the website: WordFence


See also

Free information on JZS news

I invite you to become a subscriber! Thousands of readers already subscribe to news from JZS.

You can unsubscribe at any time. Your address is safe here.

Featured LifeTime Offers!

Play.ht lifetime

Turn your website publications into high quality audio recordings.

Scalify LTD

Create ads, publish them and increase conversions for Facebook campaigns,...

Leave a Reply

Your email address will not be published. Required fields are marked *