Security News > 2020 > February > Critical WordPress Plugin Bug Afflicts 700K Sites
A popular WordPress plugin, which helps make websites compliant with the General Data Protection Regulation, has issued fixes for a critical flaw.
The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with the EU's privacy regulation, has more than 700,000 active installations - making it a ripe target for attackers.
Earlier this week, after the developer was notified of the critical flaw, the GDPR Cookie Consent plugin was removed from the WordPress.org plugin directory "Pending a full review" according to the plugin's directory page.
The vulnerability stems from improper access controls in an endpoint used by the WordPress plugin's AJAX API (AJAX is a web development technique used to create web applications).
Researchers who discovered it urge WordPress plugin users to update as soon as possible: "This vulnerability has been fixed in version 1.8.3. We recommend that users immediately update to the latest version available," according to Wordfence.
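The class of bug described above, improper access controls on a WordPress AJAX endpoint, is illustrated in the added example below. It is not code from GDPR Cookie Consent or from the original article; the plugin, action, option and field names are hypothetical, and it assumes it is loaded as a plugin inside a WordPress install.

```php
<?php
/**
 * Plugin Name: Example AJAX access-control demo (hypothetical, not GDPR Cookie Consent code)
 */

// wp_ajax_{action} fires for ANY logged-in user, including the lowest role,
// so registering the hook is not an access control by itself.
add_action( 'wp_ajax_example_save_banner_weak', 'example_save_banner_weak' );
add_action( 'wp_ajax_example_save_banner', 'example_save_banner' );

// Weak form: no capability check and no nonce, so every authenticated
// account can change a site-wide option.
function example_save_banner_weak() {
	$text = isset( $_POST['banner_text'] ) ? wp_unslash( $_POST['banner_text'] ) : '';
	update_option( 'example_banner_text', $text );
	wp_send_json_success();
}

// Hardened form: verify the request's nonce, then the caller's capability,
// then sanitize the value before it is stored.
function example_save_banner() {
	// Third argument false: return false instead of dying, so the handler
	// can send its own JSON error with a 403 status.
	if ( ! check_ajax_referer( 'example_save_banner', 'nonce', false ) ) {
		wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
	}
	// Only administrators (manage_options) may change site-wide settings.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
	}
	$text = isset( $_POST['banner_text'] )
		? sanitize_text_field( wp_unslash( $_POST['banner_text'] ) )
		: '';
	update_option( 'example_banner_text', $text );
	wp_send_json_success( array( 'saved' => true ) );
}
```

When reviewing a plugin, every `wp_ajax_` handler that writes data should show both checks before the first state change; `wp_send_json_error()` ends the request, so nothing after a failed check runs.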
News URL
https://threatpost.com/critical-wordpress-plugin-bug-afflicts-700k-sites/152871/