Serious vulnerability in GDPR plugin for WordPress

A vulnerability in the WP GDPR Compliance WordPress extension from developer Van Ons allows attackers to take control of the WordPress installation and even the entire server. As the security company Wordfence reports, up to and including version 1.4.2 of the plugin, outsiders can also change arbitrary settings in the WordPress installation.

In concrete terms, an attacker could first activate user registration (if it is not already enabled), then create a new account in the normal way and finally make it an administrator. In this comfortable position, the attacker can eventually take over the server, for example by installing a malicious extension containing a web shell.

The affected extension “WP GDPR Compliance” is intended to make it easier for WordPress operators to meet the requirements of the General Data Protection Regulation (GDPR). The plugin seems to be very popular: The official WordPress plugin directory currently has over 100,000 active installations and over half a million total downloads.

According to Wordfence, the vulnerability is already being actively exploited by online crooks. In some cases, the company has found that compromised installations have created a user named “t2trollherten”, and attackers have also left behind webshells with the unobtrusive name “wp-cache.php”.
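The attack chain above and the indicators Wordfence found suggest a few checks an administrator can run against their own site. The following audit routine is an added example, not code from Wordfence or from the plugin: it takes constructed sample data standing in for a wp_options/wp_users export, a file listing and installed plugin versions, and flags the settings the chain relies on, the username and file name named in the article, and plugin versions below the fixed release. The administrator allowlist is an assumed, site-specific value.

```python
# Constructed sample data; none of it comes from a real site.
SAMPLE_OPTIONS = {"users_can_register": "1", "default_role": "administrator"}
SAMPLE_USERS = [("alice", "administrator"), ("t2trollherten", "administrator"),
                ("bob", "subscriber")]
SAMPLE_FILES = ["wp-content/uploads/2018/11/wp-cache.php",
                "wp-content/plugins/wp-gdpr-compliance/wp-gdpr-compliance.php"]
SAMPLE_PLUGIN_VERSIONS = {"wp-gdpr-compliance": "1.4.2", "woocommerce": "3.4.6"}
EXPECTED_ADMINS = {"alice"}  # assumed site-specific allowlist

# Indicators and fixed versions taken from the article.
SUSPICIOUS_LOGINS = {"t2trollherten"}
SUSPICIOUS_FILENAMES = {"wp-cache.php"}
PATCHED_VERSIONS = {"wp-gdpr-compliance": "1.4.3", "woocommerce": "3.4.6"}


def version_tuple(version: str) -> tuple:
    """'1.4.2' -> (1, 4, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def audit_wordpress(options, users, files, plugin_versions, expected_admins):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Settings the reported chain depends on: open registration, admin default role.
    if options.get("users_can_register") == "1":
        findings.append("registration is open (users_can_register=1)")
    if options.get("default_role") == "administrator":
        findings.append("new users default to administrator")
    for login, role in users:
        if login in SUSPICIOUS_LOGINS:
            findings.append(f"known attacker username present: {login}")
        elif role == "administrator" and login not in expected_admins:
            findings.append(f"unexpected administrator account: {login}")
    # A name match is a triage lead, not proof: legitimate caching plugins
    # may ship a file of the same name, so review flagged paths by hand.
    for path in files:
        if path.rsplit("/", 1)[-1] in SUSPICIOUS_FILENAMES:
            findings.append(f"suspicious file name: {path}")
    for plugin, fixed in PATCHED_VERSIONS.items():
        installed = plugin_versions.get(plugin)
        if installed and version_tuple(installed) < version_tuple(fixed):
            findings.append(f"{plugin} {installed} is older than fixed {fixed}")
    return findings


def run_sample():
    return audit_wordpress(SAMPLE_OPTIONS, SAMPLE_USERS, SAMPLE_FILES,
                           SAMPLE_PLUGIN_VERSIONS, EXPECTED_ADMINS)
```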

The secure version 1.4.3 has been available for download since November 7th. Anyone using the plugin on their WordPress site should make sure it is up to date, as WordPress installs have always been a popular target for online attackers. Admins should also take this opportunity to check whether the WooCommerce online shop plugin is installed and up to date: in versions older than 3.4.6 there is also a vulnerability that attackers can use to take control of the WordPress installation. (rei)