
Researchers are urging users of the GDPR Cookie Consent WordPress plugin to update as soon as possible.
A popular WordPress plugin that helps make websites compliant with the General Data Protection Regulation (GDPR) has received fixes for a critical flaw. If exploited, the vulnerability could enable attackers to modify content or inject malicious JavaScript code into victim websites.
The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with the EU’s privacy regulation, has more than 700,000 active installations, making it a ripe target for attackers. The vulnerability, which does not yet have a CVE number, affects GDPR Cookie Consent version 1.8.2 and below. Earlier this week, after the developer was notified of the critical flaw, the GDPR Cookie Consent plugin was removed from the WordPress.org plugin directory “pending a full review,” according to the plugin’s directory page. The new version, 1.8.3, was released by Cookie Law Info, the developer behind the plugin, on Feb. 10.
For more details:
https://threatpost.com/critical-wordpress-plugin-bug-afflicts-700k-sites/152871/