ChainScriptz_Bot

Vulnerability In WordPress GDPR Cookie Consent Plugin Risks 700K Websites

Another WordPress plugin has joined the list of plugins found to carry serious security flaws. This time the vulnerability appeared in the GDPR Cookie Consent plugin and put the integrity of 700,000 websites at risk.

GDPR Cookie Consent Plugin Vulnerability

Reportedly, a researcher from NinTechNet, Jerome Bruandet, discovered a serious vulnerability in the GDPR Cookie Consent plugin. Given the plugin's 700,000+ active installations, the bug could have put thousands of websites at risk. As explained in his blog post, Bruandet found a critical XSS flaw in the plugin caused by a lack of capability checks in an AJAX endpoint. This exposed the values autosave_contant_data and save_contentdata, enabling an attacker to carry out malicious activities. Specifically, exploiting save_contentdata could have let an adversary take published content offline or delete it entirely, whereas exploiting autosave_contant_data could allow malicious JavaScript code to be injected into the site.

Alongside Bruandet, the Wordfence team also reviewed this vulnerability after noticing updates to the plugin. The flaw particularly caught their attention after the plugin was closed for review, as stated in their post. They rated the bug a critical-severity flaw with a CVSS score of 9.0.

Patch Rolled Out

Bruandet found the vulnerability and reported it to the plugin developers on January 28, 2020. The bug affected plugin versions up to 1.8.2. Consequently, the developers patched the vulnerability with the release of GDPR Cookie Consent v1.8.3. Now that the fix is out, users must make sure they update the plugin to the latest version to prevent potential exploits.

GDPR Cookie Consent is a dedicated WordPress plugin that helps site admins keep their sites compliant with GDPR. Earlier this year, the Wordfence team also discovered vulnerabilities in other WordPress plugins that threatened thousands of users. These vulnerable plugins include Code Snippets, WP Time Capsule, and InfiniteWP Client.
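The bug class described above, an admin-ajax.php action reachable by any logged-in user with no capability check, as an added PHP illustration that is not the plugin's own code: the hook names, the example_* functions and the post_id/content/post_status parameters are assumptions, and the hardened handler shows the nonce, per-post capability and content-sanitisation checks a plugin author would add.

```php
<?php
// Added illustration (not the plugin's code): a WordPress admin-ajax.php
// handler with and without the checks whose absence is described above.
// Hook names, example_* functions and the post_id/content parameters are
// assumptions made for this example.

// --- Vulnerable pattern: registered for every logged-in user, no checks ---
add_action( 'wp_ajax_example_save_unsafe', 'example_save_unsafe' );
function example_save_unsafe() {
    // Any authenticated account, including a subscriber, reaches this line.
    $post_id = (int) $_POST['post_id'];
    $content = $_POST['content'];                  // stored raw: script tags survive
    wp_update_post( array( 'ID' => $post_id, 'post_status' => 'draft' ) ); // unpublishes
    update_post_meta( $post_id, '_example_autosave', $content );
    wp_send_json_success();
}

// --- Hardened pattern: nonce, capability check bound to the target post,
// and sanitised content ---
add_action( 'wp_ajax_example_save_safe', 'example_save_safe' );
function example_save_safe() {
    // 1. Reject requests that do not carry a nonce issued for this action
    //    (blocks CSRF; the nonce is emitted with wp_create_nonce( 'example_save_safe' )).
    check_ajax_referer( 'example_save_safe', 'nonce' );

    // 2. Authorise against the specific post, not merely "is logged in".
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 3. Changing publication state is a separate privilege.
    $new_status = sanitize_key( $_POST['post_status'] ?? 'draft' );
    if ( 'publish' === $new_status && ! current_user_can( 'publish_post', $post_id ) ) {
        wp_send_json_error( array( 'message' => 'forbidden' ), 403 );
    }

    // 4. Strip markup the caller is not allowed to store (removes <script>
    //    for anyone without unfiltered_html), closing the stored-XSS path.
    $content = wp_unslash( $_POST['content'] ?? '' );
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $content = wp_kses_post( $content );
    }

    wp_update_post( array( 'ID' => $post_id, 'post_status' => $new_status ) );
    update_post_meta( $post_id, '_example_autosave', $content );
    wp_send_json_success();
}
```

When auditing a plugin for this class of bug, every wp_ajax_* callback that writes data should show a check_ajax_referer() call and a current_user_can() check tied to the object being modified; a callback that has neither is the pattern Wordfence rated at CVSS 9.0 here.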
