Critical vulnerabilities in a popular WordPress GDPR Compliance plugin was being exploited in the wild by hackers. WordPress since released version 1.4.3 that patched the critical flaws.
The plugin vulnerabilities could allow hackers to escalate privileges without authentication and infect vulnerable WordPress sites, according to a Wordfence report last Thursday.
The WordPress GDPR plugin has over 100,000 active installs and assists WordPress site owners to comply with the European privacy regulations known as General Data Protection Regulation (GDPR). The new GDPR data protection lawwent into effect May 24th, 2018 and imposes strict new rules on controlling and processing personally identifiable information (PII) across all 28 EU countries.
Any websites that use the GDPR plugin should update with the latest version as soon as possible.