Home Hacking News Vulnerability In WordPress GDPR Cookie Consent Plugin Risks 700K Websites
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

Vulnerability In WordPress GDPR Cookie Consent Plugin Risks 700K Websites

by Abeerah Hashim
written by Abeerah Hashim
Shield Security WP plugin patched file inclusion vulnerability

Another WordPress plugin has now joined the list of plugins exhibiting threatening security flaws. This time, the vulnerability appeared in the GDPR Cookie Consent plugin and risked the integrity of 700,000 websites.

GDPR Cookie Consent Plugin Vulnerability

Reportedly, a researcher from NinTechNet, Jerome Bruandet, has discovered a serious vulnerability in the GDPR Cookie Consent plugin. The bug, considering the 700,000+ active installations of the plugin, could have risked thousands of websites.

As explained in a blog post, Bruandet, found a critical XSS flaw in the plugin that existed due to lack of capability checks in AJAX endpoint. In turn, it exposed the values autosave_contant_data and save_contentdata, enabling an attacker to conduct malicious activities. Specifically, exploiting save_contentdata could have let an adversary to pull published data offline, or entirely delete it. Whereas, exploiting autosave_contant_data could allow injecting malicious JavaScript codes to the site.

Alongside Bruandet, the team Wordfence has also reviewed this vulnerability after they noticed updates in the plugin. The flaw particularly caught their attention after the plugin was closed for review, as stated in their post. They have deemed the bug a critical severity flaw with a CVSS score of 9.0.

Patch Rolled Out

The researcher Bruandet found the vulnerability and reported it to the plugin developers on January 28, 2020. The bug affected plugin versions until 1.8.2.

Consequently, the developers patched the vulnerability with the release of GDPR Cookie Consent v.1.8.3. Since the fix is out, users must ensure they update their plugin to the latest versions to prevent potential exploits.

GDPR Cookie Consent is a dedicated WordPress plugin that facilitates site admins in ensuring site compliance with GDPR.

Earlier this year, WordFence team also discovered vulnerabilities in other WordPress plugins that also threatened thousands of users. These vulnerable plugins include Code Snippets, WP Time Capsule, and InfiniteWP Client.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Multiple Vulnerabilities Found In Forminator WordPress Plugin

Palo Alto Networks Patched A Pan-OS Vulnerability Under...

Apple Removed Numerous Apps From China App Store

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...