The popular WP GDPR Compliance WordPress plugin by Van Ons, with more than 100,000 active installations, was patched on November 7th because of a privilege escalation vulnerability (CVE-2018-19207) found in version 1.4.2. The plugin helps website owners meet the recent GDPR European data privacy regulation, which came into effect in May of this year and boosted the plugin's popularity.
Starting on November 10th, our Threat Intelligence Group noticed a surge in attacks targeting this exploit vector.
Imunify360 customers were already protected by a WAF rule issued several days earlier. This rule detects and blocks malicious payloads attempting to exploit this attack vector. We're not aware of any WAF rules from other security vendors that provide protection against this specific attack.
The exploit works by enabling the user registration option, then granting administrator rights to the newly registered user. If you suspect you may have been vulnerable, check your WordPress installation for any newly created, unknown users. Then look in the WordPress settings and check the value of 'Anyone can register'. If it is on, you may be vulnerable.
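As an added example (not code from the Imunify360 post), the following POSIX shell script automates the two checks above with WP-CLI: it lists administrator accounts registered on or after the November 7th patch date, and reads the 'Anyone can register' setting, which WordPress stores in the `users_can_register` option. It additionally reads `default_role`, a check beyond the two the post names, since an open registration form whose default role is administrator is the worst case for the behaviour described. The `wp` invocations assume WP-CLI is installed on the host and the script is run from the WordPress root; the evaluation functions take plain values so they can be exercised without a live site.

```shell
#!/bin/sh
# Added triage script for the WP GDPR Compliance privilege escalation
# (CVE-2018-19207). Not part of the Imunify360 post or the plugin.
# Assumes WP-CLI is installed as `wp` and the script runs from the
# WordPress root; the two helper functions below need neither.

# Evaluate the registration settings.
#   $1 = value of the 'users_can_register' option ("0" or "1")
#   $2 = value of the 'default_role' option (e.g. "subscriber")
# Prints a one-line verdict. Returns 0 when registration is closed,
# 1 when it is open, 2 when it is open with an administrator default role.
assess_registration() {
    can_register="$1"
    default_role="$2"
    if [ "$can_register" != "1" ]; then
        echo "OK: 'Anyone can register' is off"
        return 0
    fi
    if [ "$default_role" = "administrator" ]; then
        echo "CRITICAL: 'Anyone can register' is on and default_role is administrator"
        return 2
    fi
    echo "WARNING: 'Anyone can register' is on (default_role: $default_role)"
    return 1
}

# Filter a CSV list of users (header line, then "login,registered-datetime")
# to the logins registered on or after a cutoff date.
#   $1 = cutoff date as YYYY-MM-DD; CSV is read from stdin.
# The header line is skipped because its second field is not a date.
new_users_since() {
    cutoff="$1"
    awk -F',' -v cutoff="$cutoff" \
        '$2 ~ /^[0-9][0-9][0-9][0-9]-/ && substr($2, 1, 10) >= cutoff { print $1 }'
}

# Live checks, only when WP-CLI is present on this host.
if command -v wp >/dev/null 2>&1; then
    # Check 1 from the post: the 'Anyone can register' setting.
    assess_registration \
        "$(wp option get users_can_register)" \
        "$(wp option get default_role)" || true

    # Check 2 from the post: unknown new accounts. The cutoff is the
    # November 7th, 2018 patch date given in the post; widen it if the
    # site updated later.
    echo "Administrator accounts registered since 2018-11-07:"
    wp user list --role=administrator \
        --fields=user_login,user_registered --format=csv |
        new_users_since 2018-11-07
fi
```

Any login printed under the last heading that you did not create yourself deserves a closer look, and a `WARNING` or `CRITICAL` verdict means the registration setting should be turned off before the plugin update is treated as the end of the incident.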
Whether you are an Imunify360 customer or not, we recommend you immediately update the Van Ons WP GDPR Compliance WordPress plugin to the latest version (available here).
With an integrated and modular organization, Imunify360 scales with your company and your needs as a secure and reliable web hosting service. It is a multi-layered defense system, with intelligent firewalls and IDS/IPS, precision targeting and eradication of malware and viruses, a centralized cyber incident management control panel, Hardened PHP and 'Proactive Defense', automated Linux kernel patch management, and reputation management, all unified in one cohesive package, making it the best and most comprehensive choice for web hosting companies who are serious about WordPress security.