WordPress GDPR compliance plugin hacked | Cyber Security
Cyber Security

WordPress GDPR compliance plugin hacked | Cyber Security

Related Posts

How AI, Machine Learning, and Endpoint Security Overlap

11 Useful Security Tips for Securing Your AWS Environment

 

The General Protection Data Regulation (GDPR) is supposed to make companies take extra care with their customers’ personal data. That includes gathering explicit consent to use information and keeping it safe from identity thieves.

WP GDPR is a plugin that allows website owners to add a checkbox to their websites. The checkbox allows visitors handing over their data to grant permission for the site owners to use it for a defined purpose, such as handling a customer order. It also allows visitors to request copies of the data that the website holds about them.

Users send these requests using admin-ajax.php, which is a file that lets browsers connect with the WordPress server. It uses Ajax, a combination of JavaScript and XML technology that creates smoother user interfaces. This system first appeared in WordPress 3.6 and allows the content management system to offer better auto-saving and revision tracking among other things.

The GDPR plugin also allows users to configure it via admin-ajax.php, and that’s where the trouble begins. Attackers can send it malicious commands, which it stores and executes. They can use this to trigger WordPress actions of their own.

You might also like

Google Launches Cybersecurity Career Certificate Program

ChatGPT Emerges as Key AI Tech for Security Vendors

Hackers Use HTML Smuggling To Distribute Malware by E-mail

5 safety tips to follow while making digital payment transactions

Leave A Reply

Your email address will not be published.