Urgent bug fix for GDPR Cookie Consent plugin for WordPress

The popular GDPR Cookie Consent plugin, which has been downloaded over 700,000 times, was temporarily removed from the WordPress.org plugin repository earlier this week after the developer was notified of a critical bug. Two days later (on February 10) a new version, 1.8.3, was released.

This new version contains a patch for this bug. Users are advised to update the plugin as quickly as possible.

About the GDPR Cookie Consent plugin

GDPR Cookie Consent is a popular WordPress plugin that helps website owners comply with the General Data Protection Regulation (GDPR). The plugin creates a cookie banner that is displayed on the website and provides information about the cookies that the site uses. Visitors can accept the notice or click through to a page with more information. As an admin user you can easily configure the cookie details from the backend. The list of cookies can be displayed on your cookie policy page using a shortcode. You can also adjust the colors, fonts, styles and positioning of the cookie banner so that it fits nicely with the design of your website. The plugin has more than 700,000 active installations. All websites that use an old version of the plugin (version 1.8.2 or older) are at risk.

Bug

The bug was discovered by Jerome Bruandet, a security researcher at NinTechNet. After informing the developer, he published a blog post describing the problem. The vulnerability allows attackers to remove or modify content on the affected website. That content can be formatted text, images, hyperlinks and shortcodes.

It also allows for cross-site scripting (XSS) attacks, because the plugin saves the data into the cli_pg_content_data database field without validating it. An authenticated user can use this to inject JavaScript code, which will be loaded and executed each time someone, authenticated or not, visits the http://example.com/cli-policy-preview/ page.

Bruandet, Wordfence and the plugin developer all advise users to update to version 1.8.3 of the GDPR Cookie Consent plugin as quickly as possible.
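
For site owners checking whether they were affected, here is a small triage script. It is an added example, not code from the plugin or from the researchers. It flags an installed version older than 1.8.3 and reports script-capable markup in the stored cli_pg_content_data value. It assumes you have already exported the version string and the field's content as text; the function names and sample values are constructed for illustration.

```python
from html.parser import HTMLParser

FIXED_VERSION = (1, 8, 3)  # first patched release named in the article


def needs_update(version):
    """True for 1.8.2 or older; assumes a dotted numeric version string."""
    return tuple(int(p) for p in version.strip().split(".")) < FIXED_VERSION


class ActiveContentFinder(HTMLParser):
    """Records markup that can execute script when the stored HTML is rendered."""
    RISKY_TAGS = {"script", "iframe", "object", "embed"}
    URL_ATTRS = {"href", "src", "action", "formaction"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in self.RISKY_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            # Drop whitespace so " JavaScript:..." is still recognised.
            compact = "".join((value or "").lower().split())
            if name.startswith("on"):
                self.findings.append(f"{name} handler on <{tag}>")
            elif name in self.URL_ATTRS and compact.startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name} on <{tag}>")


def triage(version, stored_html):
    """Return the update status and any active content found in the field value."""
    finder = ActiveContentFinder()
    finder.feed(stored_html)
    finder.close()
    return {"needs_update": needs_update(version),
            "active_content": finder.findings}


# Constructed sample values standing in for an exported cli_pg_content_data field.
CLEAN = '<h2>Cookie Policy</h2><p>We use <a href="/cookies">cookies</a>.</p>'
TAMPERED = ('<p>Policy</p><script src="https://untrusted.invalid/x.js"></script>'
            '<img src="x.png" onerror="alert(1)">')

if __name__ == "__main__":
    print(triage("1.8.2", TAMPERED))
    print(triage("1.8.3", CLEAN))
```

Any finding on a site that ran 1.8.2 or older is a reason to review the policy page content by hand after updating, since updating the plugin does not clean data that was already stored.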
