Web Attack: WordPress GDPR Compliance Plugin CVE-2018-19207

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a privilege-escalation vulnerability in the WP GDPR Compliance plugin for WordPress.

Additional Information

WordPress is a web-based publishing application implemented in PHP.

The WP GDPR Compliance plugin for WordPress is prone to a privilege-escalation vulnerability because it fails to properly sanitize the 'save_setting' action. An attacker can exploit this issue by injecting arbitrary commands, which get stored until the plugin reaches its 'do_action()' call. Successful exploits may allow an attacker to gain administrative access to the site and make direct changes, including uploading malicious plugins for future attacks.

An attacker can leverage this issue to execute arbitrary code with elevated privileges.

Affected

  • Versions prior to WP GDPR Compliance plugin 1.4.3 are vulnerable.