New WordPress Privilege Escalation Flaw In WP GDPR Compliance Plugin

Ryan Seguin

A privilege escalation flaw in WordPress’ popular WP GDPR Compliance plugin has led to exploitation of numerous WordPress sites. Site owners and administrators are encouraged to upgrade to the latest version of the affected plugin.

Background

WordPress plugin "WP GDPR Compliance" versions before 1.4.3 are vulnerable to a privilege escalation attack. The attack doesn’t require authentication, and Sucuri.net reports that attackers have already exploited a number of sites. Exploited sites had their siteurls changed to "hxxp://erealitatea[.]net".

Impact assessment

As of Noon ET on November 12, a curated Google search shows approximately 7,600 sites with changed URLs to 'erealitatea[.]net'. The malicious site seems to have been taken down, but when administrators and users attempt to interact with their Wordpress sites, most of the sites will completely fail to load or crash when administrators attempt to edit.

Vulnerability details

The affected plugin normally handles access and delete requests that are required for GDPR compliance, but versions of this plugin before 1.4.3 don’t properly sanitize the 'save_setting' action. Because of that, an attacker can inject arbitrary commands, which get stored until the plugin reaches its 'do_action()' call.

A privilege escalation flaw in WordPress’ popular WP GDPR Compliance plugin has led exploitation of numerous WordPress sites.

Source: Wordfence.

With these flaws, an attacker can gain administrative access to the site and make direct changes, including uploading malicious plugins for additional attacks.

Urgently required actions

Administrators can manually edit the site’s database table wp_options to fix the URL if they’ve been attacked. The record option_name contains the “siteurl“ value. Admins can modify the domain in the option_value field.

With the URL fixed, the site should load normally, but we highly recommend checking for any malicious changes or uploads to the site, or restoring the site from an uncompromised backup. Once that step has been performed, site admins should immediately update the affected plugin to the latest version.

Identifying affected systems

Plugin 101841 will detect any WordPress plugins that are out of date, which includes the WP GDPR plugin, but doesn’t reflect the criticality of this specific issue.

A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Get more information

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.

Read more >

Published on Nov 12, 2018

People also viewed

Customer Success Manager - ANZ

North Sydney Australia Pacific Highway, North Sydney, Australia, NSW 2060 Customer Success Sales
Your Role:Tenable has an immediate need for a Customer Success Manager who will be responsible for establishing and driving sales activities for our software products within a designated geography.Companies today are grappling with an ever expandi...

Finance & Investor Relations Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Finance Internships
Your Role:Tenable has a Finance and Investor Relations Intern opportunity for college students entering their senior year or actively enrolled in an MBA program. If you're looking for a chance to apply what you're learning in your degree program, ...

Field and Channel Marketing Manager, Nordics and Benelux

Uxbridge United Kingdom Furzeground Way , Stockley Park, Uxbridge, United Kingdom, UB11 1EZ Field & Channel Marketing Marketing
Your Role:Tenable seeks an experienced field and channel marketing manager to generate demand for Tenable products and solutions across our Scandinavia and Benelux territories.  The successful candidate will have demonstrated experience creating, ...

Senior Data Engineer

Dublin Ireland Campshires, Sir John Rogerson's Quay, Dublin, Ireland Research Engineering
Your Role:Data Engineers here are involved in designing, developing and maintaining systems for data analysis, transformation, modelling and visualisation. We work directly with the data scientists to develop cutting edge uses of the data we colle...

Technical Support Manager

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Technical Support Technical Support
Your Role:Tenable is seeking a high energy, results oriented customer advocate capable of motivating an already exceptional support team to even higher levels of customer satisfaction. Our current global rating is over 93% satisfaction and we expe...

Cloud Security Intern

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Information Security Internships
Your Role: The Cloud Security Intern will help the Tenable secure their use of cloud systems across the company.  The intern will develop, implement and monitor security solutions for cloud that assess risk, keep Tenable data safe and bake in secu...

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.