• Skip to content
  • Skip to primary sidebar
  • About Us
  • Privacy Policy
  • Disclaimers
  • DMCA
  • Contact Us
  • Submit your story

X-Buy

Reviews & Buys

You are here: Home / Security / Zero-day in popular WordPress plugin exploited in the wild to take over sites

Zero-day in popular WordPress plugin exploited in the wild to take over sites

November 9, 2018 by zdnet Leave a Comment

Hackers have exploited –and are currently continuing to exploit– a now-patched zero-day vulnerability in a popular WordPress plugin to install backdoors and take over sites. The vulnerability affects WP GDPR Compliance, a WordPress plugin that helps site owners become GDPR compliant. The plugin is one of the most popular GDPR-themed plugins on the WordPress Plugins directory, with over 100,000 active installs. More security news Google’s automated fuzz bot has found over 9,000 bugs in the past two years Russia: Now everyone who uses a messaging app must be identifiable Why are fake Elon Musk bitcoin scams running rife on Twitter right now? States activate National Guard cyber units for US midterm elections Around three weeks ago, attackers seem to have discovered a vulnerability in this plugin and began using it to gain access to WordPress sites and install backdoor scripts. Initial reports about hacked sites were made into another plugin’s support forum, but that plugin turned out to have been installed as a second-stage payload on some of the hacked sites. After investigations led by the WordPress security team, the source of the hacks was eventually traced back to WP GDPR Compliance, which was the common plugin installed on all reported compromised sites. The WordPress team removed the plugin from the official Plugins directory earlier this week after they identified several security issues within its code, which they believed were the cause of the reported hacks. The plugin was reinstated two days ago, but only after its authors released version… [Read full story]




  • My Top 10 WordPress Plugins
  • Publication of PoC in popular WordPress plugin leads to scans for vulnerable sites
  • Five WordPress Plugins You Should Update Right Now
  • Security flaw in WordPress plugin Google Analytics by Yoast exposed
  • Zero-day in popular jQuery plugin actively exploited for at least three years
  • Open source anniversary: How adopting 10 WordPress plugins changed my life
  • WordPress plugin vulnerabilities affect 20 million downloads
  • ​FBI: Expect ISIS hacks if you don't patch WordPress plugins
  • The best WordPress plugins 2018
  • Vulnerability patched in Google Analyticator Wordpress Plugin

Filed Under: Security photo contest wordpress plugin, ads wordpress plugin, event wordpress plugin, members wordpress plugin, contest wordpress plugin, composer wordpress plugin, grid wordpress plugin, forum wordpress plugin, gallery wordpress plugin, advertising wordpress plugin, sitemap wordpress plugin, essential grid wordpress plugin, slider revolution responsive wordpress plugin, breadcrumb wordpress plugin, category wordpress plugin, portfolio grid wordpress plugin, sidebar wordpress plugin, polling wordpress plugin, header plugin wordpress, footer plugin wordpress, sermon wordpress plugin, sermon plugin wordpress, most popular gambling sites, uploading local wordpress site to server, wordpress jquery plugin, hosted wordpress sites, most popular web hosting sites, popular betting sites, most popular betting sites, best hosting sites for wordpress

zdnet

About zdnet

ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *


Primary Sidebar

Categories

American Voices and Apple Cell Phone Reviews Cloud Consumer Electronics Reviews Culture CXO Enterprise Software First Looks Gaming Hardware Innovation Internet Internet Products jalopnik.com jezebel.com kotaku.com Kotaku East lifehacker.com Mobile Mobile App Reviews Mobility Movies Networking News News in Brief Newswire PCMag Asia PCMag Australia PCMag India PC Mag Middle East PCMag UK Phones Racing Ratings & Comparisons Sci Tech Security Software Reviews splinternews.com Tech Industry Telcos themuse.jezebel.com theslot.jezebel.com www.theroot.com

Recent Posts

  • K2 claims victory over zero-day attacks
  • How a second screen separates Samsung from the fold
  • Nintendo figurehead Reggie Fils-Aime is retiring, being replaced by Bowser
  • Galaxy S10’s Infinity-O display really is special. Here’s why
  • Redis Labs drops Commons Clause for a new license
  • Windows, dual-screen devices and shells: Piecing together Microsoft’s Chromebook-compete strategy
  • Galaxy Watch Active, and Galaxy Fit: a hands on look at Samsung’s new health features
  • Facebook accused of tricking kids in complaint to FTC
  • Google Cloud updates AI-powered speech tools for enterprises
  • Betrayal by CGI: Almost half of Gen Y and Z don’t know they’re following a bot

Copyright © 2019 X-Buy. Power by Wordpress.