{"id":3574,"date":"2020-02-18T06:42:16","date_gmt":"2020-02-18T06:42:16","guid":{"rendered":"https:\/\/seersco.com\/blogs\/?p=3574"},"modified":"2024-09-24T08:41:27","modified_gmt":"2024-09-24T08:41:27","slug":"wordpress-plugin-bug-700k-sites-at-risk","status":"publish","type":"post","link":"https:\/\/seersco.com\/blogs\/wordpress-plugin-bug-700k-sites-at-risk\/","title":{"rendered":"WordPress Plugin Bug: 700K Sites At Risk"},"content":{"rendered":"<p>Many WordPress users are at critical risk of non-compliance because of the \u201cGDPR Cookie Consent\u201d WordPress plugin. Here\u2019s how:<\/p>\n<p>The GDPR Cookie Consent plugin, designed to help with compliance, has turned out to be counterproductive. The plugin was bugged from the start and never actually delivered complete compliance. The critical flaw led 700k sites to believe they were compliant when they were not.<\/p>\n<p>Exploring the iceberg further shows that the risk it posed ran a lot deeper than this. If exploited, the plugin allowed attackers to modify content and inject malicious JavaScript code into victim websites.<\/p>\n<p>The affected plugin,\u00a0<strong>GDPR Cookie Consent<\/strong>, aims to display effective cookie banners to meet the <a href=\"https:\/\/seersco.com\/articles\/communication-protection-eprivacy-regulation-2019\/\">EU\u2019s privacy regulation<\/a><span style=\"font-weight: 400\">. It currently has more than 700,000 active installations of version 1.8.2 and below.<\/span><\/p>\n<p>No organisation should put itself under such severe risk. Compliance is simpler if done the right way. Learn more about <a href=\"https:\/\/seersco.com\/articles\/articles\/gdpr-cookie-consent\/\">GDPR and Cookies<\/a> here.<\/p>\n<p>The developer was warned to resolve the issues earlier this week. The plugin was then removed from the\u00a0<strong>WordPress<\/strong>\u00a0plugin directory. 
The notification on the plugin page then indicated that the plugin was \u201cpending a full review.\u201d<\/p>\n<p>This forced the developers to post a new version, 1.8.3. <a href=\"https:\/\/seersco.com\/articles\/articles\/cookie-consent-law\/\">Cookie Law Info<\/a>, the developer, posted the new version on Feb. 10.<\/p>\n<p>The risk stems from missing access controls on an endpoint within the WordPress plugin\u2019s AJAX API, which was the attacker\u2019s sweet spot in the plugin. That endpoint is its \u201c__construct\u201d method, which initializes code for newly created objects.\u00a0The actions registered through the AJAX \u201c__construct\u201d method fail to implement security checks.<\/p>\n<p>Because of this loophole, subscribers can acquire administrator-level permissions. This can lead to a major vulnerability on the sites of any and all of these 700k users.<\/p>\n<p>According to researchers, this can compromise the site\u2019s security at any time. Compliance does not in any way require a business to put itself in such a vulnerable position. A subscriber generally only has the right to log in, view content and leave comments.<\/p>\n<p>Two AJAX actions, save_contentdata and autosave_content_data, can be abused by an attacker.<\/p>\n<p>The save_contentdata method was created to allow administrators to store the <a href=\"https:\/\/seersco.com\/articles\/articles\/gdpr-cookie-consent-banner\/\">GDPR cookie notices<\/a> in the database as a page post type. But this process is unchecked. Any authenticated user, even a subscriber, can take an existing page, a post, or the whole website offline by changing its status from \u201cpublished\u201d to \u201cdraft.\u201d<\/p>\n<p>According to Bruandet, content can be deleted, injected or changed. The attacker may tamper with hyperlinks and shortcodes as well.<\/p>\n<p>Wordfence exposed details of the vulnerability. 
It was initially discovered by Jerome Bruandet, a security researcher with NinTechNet. His findings can be seen\u00a0<a href=\"https:\/\/blog.nintechnet.com\/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability\/\" rel=\"nofollow noopener\" target=\"_blank\">in their post<\/a>.<\/p>\n<p>Are you at risk too? The WordPress plugin should be updated right away.\u00a0The latest version is better, but do you know what is best? Ensuring that your compliance is effective and on point with Seers.<\/p>\n<p><a href=\"https:\/\/wordpress.org\/plugins\/seers-cookie-consent-banner-privacy-policy\/\" rel=\"nofollow noopener\" target=\"_blank\"><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-3543 size-full\" style=\"left: -10000px !important;position: absolute !important\" src=\"https:\/\/seersblogs.here\/wp-content\/uploads\/2020\/02\/blog-banner-cookie-audit.jpg\" alt=\"seers cookie consent wordpress plugin\" width=\"740\" height=\"200\" srcset=\"https:\/\/seersco.com\/blogs\/wp-content\/uploads\/sites\/3\/2020\/02\/blog-banner-cookie-audit.jpg 740w, https:\/\/seersco.com\/blogs\/wp-content\/uploads\/sites\/3\/2020\/02\/blog-banner-cookie-audit-300x81.jpg 300w\" sizes=\"(max-width: 740px) 100vw, 740px\" 
\/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":4,"featured_media":3576,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"rank_math_lock_modified_date":false,"footnotes":""},"categories":[20,1],"tags":[],"class_list":["post-3574","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-megamenufull","category-uncategorized","generate-columns","tablet-grid-50","mobile-grid-100","grid-parent","grid-50","no-featured-image-padding"],"_links":{"self":[{"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/posts\/3574","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/comments?post=3574"}],"version-history":[{"count":0,"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/posts\/3574\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/media\/3576"}],"wp:attachment":[{"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/media?parent=3574"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/categories?post=3574"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/seersco.com\/blogs\/wp-json\/wp\/v2\/tags?post=3574"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}