The popular GDPR Cookie Consent plugin, which has been downloaded over 700.000 times, was temporarily removed from the WordPress.org plugin repository earlier this week after the developer was notified of a critical bug. Two days later (on February 10) a new version
1.8.3 was released.
This new version contains a patch for this bug. Users are advised to update the plugin as quickly as possible.
About the GDPR Cookie Consent plugin
The bug was discovered by Jerome Bruandet, a security researcher at NinTechNet. After informing the developer, he published a blog post describing the problem. This is a vulnerability that allows attackers to remove or modify content from the affected website. This can then be formatted text, images, hyperlinks and short codes.
Both Bruandet and Wordfence and the plugin developer themselves advise users to update to version 1.8.3 of the GDPR Cookie Consent plugin as quickly as possible.