Zero-day in popular WordPress plugin exploited in the wild to take over sites

Hackers have exploited –and are currently continuing to exploit– a now-patched zero-day vulnerability in a popular WordPress plugin to install backdoors and take over sites. The vulnerability affects WP GDPR Compliance, a WordPress plugin that helps site owners become GDPR compliant. The plugin is one of the most popular GDPR-themed plugins on the WordPress Plugins directory, with over 100,000 active installs. More security news Google’s automated fuzz bot has found over 9,000 bugs in the past two years Russia: Now everyone who uses a messaging app must be identifiable Why are fake Elon Musk bitcoin scams running rife on Twitter right now? States activate National Guard cyber units for US midterm elections Around three weeks ago, attackers seem to have discovered a vulnerability in this plugin and began using it to gain access to WordPress sites and install backdoor scripts. Initial reports about hacked sites were made into another plugin’s support forum, but that plugin turned out to have been installed as a second-stage payload on some of the hacked sites. After investigations led by the WordPress security team, the source of the hacks was eventually traced back to WP GDPR Compliance, which was the common plugin installed on all reported compromised sites. The WordPress team removed the plugin from the official Plugins directory earlier this week after they identified several security issues within its code, which they believed were the cause of the reported hacks. The plugin was reinstated two days ago, but only after its authors released version… [Read full story]