What is this vulnerability?
The vulnerability in this plugin enables third parties to create administrative accounts on WordPress websites. Once such a user exists, the website's settings can easily be changed and its database modified. Files can be uploaded, and anything else a fully legitimate admin account can do is possible.
The WP GDPR Compliance plugin is one of the many plugins that provide features to help implement GDPR requirements on a website. These features include a consent checkbox for processing personal data, an option for individuals to access the personal data collected about them in a suitable file format, and an option for users to be erased (forgotten).
How is the vulnerability manifested?
If your website uses the plugin and you have not yet updated it, you should check its current status.
The first and surest sign that something is wrong on the website is the presence of one or more additional users with administrative rights. Popular names for such malicious users are: t2trollherten and t3trollherten. If you find such users, remove them from your website.
Other signs might include:
- Website not loading or another website loading instead (erealitatea[.]net);
- The website slowing down because references to external resources on malicious websites have been added;
- Inability to log in to the administration;
- Administration of the website not loading, but another website loading instead;
- Added or modified options in the database (wp_options table);
- Suspicious cron jobs in cPanel, etc.
If you discover any of the above:
- If your website is hosted by us, it has already been protected against this vulnerability. If you find something confusing in relation to the website’s operation, contact us so we can investigate.
- If your website is not hosted at SuperHosting.BG, you can restore it from backup once you have established that it has been affected by this vulnerability. If you have a backup available, restore the database to a date before the malicious users appeared on your website. If for one reason or another you cannot restore your website, you will need to look through your files, users, plugins, cron jobs and the website database.
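For the manual review of users and the database described above, the following read-only queries are an added example, not part of the original article or of the plugin. They assume MySQL/MariaDB and the default `wp_` table prefix, and the list of options in the second query is our own selection of core WordPress settings, since the article does not say which options were changed.

```sql
-- Added example: read-only audit queries (MySQL/MariaDB, e.g. in phpMyAdmin).
-- Assumption: default table prefix "wp_"; replace it in the table names and
-- in the 'wp_capabilities' meta key if your site uses another prefix.

-- 1. Every account holding the administrator role, newest first.
--    Roles are stored as a serialized PHP array in wp_usermeta.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       CASE
         WHEN u.user_login IN ('t2trollherten', 't3trollherten')
           THEN 'name listed in this article'
         ELSE 'confirm this is an account you created'
       END AS note
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.user_registered DESC;

-- 2. Core options worth comparing with a known-good backup.
--    Assumption: this selection is ours; the article does not say which
--    options were changed.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home', 'users_can_register',
                      'default_role', 'admin_email');
```

Any administrator you cannot account for, and any option value that differs from your backup, marks the date range to restore from and the accounts to remove.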
We highly recommend updating the WP GDPR Compliance plugin
Thanks to the immediate reaction of our team, only a few websites were harmed, and all of them received an email notifying them of the problem and providing further information on the protection and the actions needed to update the plugin.
We will keep tracking our customers’ websites for potential dangers. Each protection method added strengthens the security level of our system SH Protect which also means your websites are highly secured.
Check out our Blog regularly so that you do not miss important news and discoveries for the most popular CMS and fixed vulnerabilities.