About three weeks ago, hackers started exploiting a zero-day vulnerability in the WP GDPR Compliance plugin, a popular choice for WordPress users. The developers have since patched the vulnerability, so if you use the plugin, update it to version 1.4.3 without delay.
The WP GDPR Compliance plugin, as the name suggests, was designed to help your website become GDPR compliant. With more than 100,000 downloads, it’s one of the most commonly downloaded GDPR-themed plugins available today. If the plugin is left unpatched, however, hackers could potentially take over your website, so this is not to be taken lightly.
The vulnerability, discovered about three weeks ago, gives hackers a way to install a backdoor script that lets them access the affected website at will. Soon after the WordPress security team identified the issue, the plugin was pulled from the official WordPress plugin directory. It was made available again after the developers fixed the security issues, but if you have an older version installed, you still need to update it yourself.
Although they could, hackers don’t appear to be using the compromised websites for any malicious purposes for the time being. It seems they’re merely stockpiling them. Regardless, if you’ve installed the plugin on your website, now’s the time to update it. If nothing else, failing to do so could get you penalised by Google’s search engine algorithms, and your website’s rankings could drop rapidly as a result.