If you use the WP GDPR Compliance plugin, we found a vulnerability that might put your site at risk. However, there is good news: if your hosting is on our hosting platform, we have implemented a rule set that will automatically protect you, our customers, from this vulnerability.
And although the developer of this plugin has fixed the problem, there are still many WordPress users who may be at risk.
What Does this Vulnerability Do?
In a nutshell, endpoint users were capable of storing arbitrary information in the site’s database, at which point the attacker could run various WordPress actions.
This could lead to a myriad of problems, such as elevating an end user’s privileges to that of an admin.
The end result of an attack could include installing malicious plugins, adding phishing pages or otherwise causing damage to the website.
What Can You Do?
Luckily, we were able to catch this vulnerability quickly. And we’ve added security protocols to keep you safe.
However, you can do your part to protect your website by:
- Always keeping your plugins and themes updated.
- Removing the WP-GDPR Compliance plugin and selecting a more secure tool.
- Always having security plugins installed, such as Wordfence.
- Always keeping routine backups of your website.
Cyber security is an ongoing process that keeps us on our toes. Although we do our best to keep out the troublemakers, you need to put in the effort to keep your content and data safe as well.
Together, problems like this can easily be avoided.