Known as the WP GDPR Compliance plug-in, the software module helps ensure compliance with Europe’s General Data Protection Regulation by providing tools through which site visitors can permit use of their personal data or request data stored by the website’s database.
The bug specifically exists within the plug-in’s “wp-admin/admin-ajax.php” functionality. When exploited, the vulnerability “allows unauthenticated users to execute any action and to update any database value.”
Sucuri reports that website owners hit by the redirection attack can fix the unauthorized URL setting change by manually editing the site’s database table wp_options. A less desirable workaround is to define some constants within the wp-config.php file.
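The manual wp_options check and repair described above could look like the following. This is an added example, not taken from Sucuri or the article. It assumes MySQL or MariaDB, the default table prefix wp_, and https://www.example.com as a placeholder for the site's real address; the option names siteurl, home, users_can_register and default_role are WordPress's own and do not appear in the article.

```sql
-- Added example. Placeholder address: https://www.example.com
-- Assumes the default "wp_" table prefix; adjust if the site uses another.

-- 1. Show the two URL settings and flag any that no longer match the
--    address the site is supposed to use.
SELECT option_id,
       option_name,
       option_value,
       CASE WHEN option_value = 'https://www.example.com'
            THEN 'ok' ELSE 'CHANGED' END AS status
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

-- 2. Because the flaw let any option be updated, review other sensitive
--    settings as well (additional check, not named in the article).
--    A typical baseline is users_can_register = 0 and
--    default_role = subscriber.
SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('users_can_register', 'default_role');

-- 3. Restore the URL settings. The transaction lets the result be
--    reviewed before it is made permanent (requires an InnoDB table;
--    on MyISAM the UPDATE takes effect immediately).
START TRANSACTION;

UPDATE wp_options
SET option_value = 'https://www.example.com'
WHERE option_name IN ('siteurl', 'home')
  AND option_value <> 'https://www.example.com';

SELECT option_name, option_value
FROM wp_options
WHERE option_name IN ('siteurl', 'home');

COMMIT;  -- use ROLLBACK instead if the values shown are not as expected
```

Restoring the values does not remove the flaw that allowed the change, so the settings can be overwritten again while the vulnerable plug-in version remains active.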
https://www.scmagazine.com/home/security-news/attackers-exploit-gdpr-compliance-plug-in-for-wordpress/