“The save_contentdata method allows the administrator to save the GDPR cookie notice to the database as a page post type” wrote NinTechNet.
The WordPress plugin is developed by WebToffee that addressed the flaw with the release of version 1.8.3, less than a week after the disclosure of the issues. The vulnerabilities affect version 1.8.2 and earlier.
The security firm
“Because the AJAX endpoint was intended to only be accessible to administrators, the vulnerability allows subscriber-level users to perform a number of actions that can compromise the site’s security.” states WordFence.
Giving a look at the download history of the plugin we can see that no more than 82,000 users have installed the latest version of the plugin, this means that more than 600K installations are still vulnerable.
|Last 7 Days||95.504|
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.