Following the news that Zero-day attacks have been exploiting popular WordPress plugins to take over sites in the wild, Gavin Millard, VP of Intelligence at Tenable explains how this attack works and what users can do to protect themselves.
Gavin Millard, VP of Intelligence at Tenable:
“Ignoring the irony that this popular WP GDPR Compliance plugin could lead to customer information being lost, rather than demonstrating data diligence, the flaw highlights a much bigger issue. Often publicly berated for its security flaws, WordPress – and other popular content management systems (CMS) such as Drupal, are in the main secure when kept up to date, it’s often the additional modules added by website developers, that drastically increases the cyber exposure of these sites.”
“It’s important that both the core library, and all loaded third-party modules, are kept up to date and audited for flaws.”
“A patch has been released for this plugin and, given threat attackers are actively exploiting this flaw, it should be applied as a matter of urgency.”