The WordPress WP DSGVO Tools (GDPR), which has 30,000+ active installations, fixed a severe vulnerability affecting version 3.1.23 and below that has been actively exploited in the wild for several days.
On September 24, 2021 we warned that WordPress blogs were getting compromised because of an unfixed unauthenticated stored cross-site scripting vulnerability (XSS) that was used to redirect all traffic to a malicious https://store.piterreceiver.ga website (more details here). The code was injected in the database:
A new version 3.1.24 of the plugin was released today and users should update immediately.
Stay informed about the latest vulnerabilities
- Running WordPress? You can get email notifications about vulnerabilities in the plugins or themes installed on your blog.
- On Twitter: @nintechnet