A major security flaw was detected in the WP GDPR Compliance plugin. Sites with a version lower than 1.4.3 installed are exposed to an unauthorized creation of an account with administrator privileges in WordPress.
The popular WP GDPR Compliance plugin helps to implement checkbox related to the processing of personal data on forms. Up to version 1.4.2, it also allows you to create a new user in WordPress and give it administrator privileges. The t2trollherten and t3trollherten users were most often created on the compromised sites.
How to protect yourself? What should I do if I have users I do not recognize?
We suggest that you check as soon as possible whether your new user has recently been added to your WordPress. If so, we suggest to restore a copy of the site from before the infection, because we are unable to determine what exactly has changed in the system, and then update the plugin to the latest version as soon as possible to close the gate to people who would like to access your web applications.
An example of code that has been injected into WordPress files when hacking with the GDPR Compliance plugin is in this article.
- A direct connection between Smarthost and Cloudflare - October 2, 2024
- Why is Redis better than Memcached? - September 16, 2024
- What is DMARC and why should you have it? - July 12, 2023