Support » Plugin: WP GDPR Compliance » Plugin closure – we’ll be back shortly!

  • ResolvedPlugin Author Van Ons

    (@van-ons)



    As you might have noticed when you come to this Support channel: the WP GDPR Compliance plugin was removed on Tuesday, November 6th by the WordPress Plugin Review Team after finding a security flaw.

    We apologize for this inconvenience as we know a lot of folks are depending on the plugin.

    We’re working to have a fix available on November 7th for re-submission to the Review Team.

    Update to our users will follow in the next few hours. Stay tuned.

Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Author Van Ons

    (@van-ons)

    Our fixes and changes are currently with the WP Plugin Review Team so we hope version 1.4.3 will be allowed into the Directory soon.

    cckhp

    (@cckhp)

    Thank you for the update on this. This was the first place I wanted to check after we were notified of it being removed from our websites.

    When it’s allowed back in the directory, do you know if we will have to manually reinstall it and redo the settings for any sites we have it in?

    Adrian

    (@adrian2k7)

    @cckhp You will be able to update the plugin as usual. Settings should be preserved (if you don’t have uninstalled the plugin AND its data 😉

    Plugin Author Van Ons

    (@van-ons)

    And we’re back! Thanks to the Plugin Review Team’s quick actions and suggestions we were able to release version 1.4.3 which takes care of the vulnerabilities discovered yesterday.

    PLEASE UPDATE IMMEDIATELY as to not be vulnerable to SQL injection.

    https://www.wpgdprc.com/wp-gdpr-compliance-v1-4-3-security-release/

    Tom van M

    (@tom-van-m)

    possible closure

    Today on four websites I maintain an admin(!) account was created. I’m posting this just to make people aware that this is possible.
    Luckily we were able to delete these by return and updated the plugin.
    But an forced update by WordPress.org would be a very good idea in case of this vulneralbility with 100.000+ active installs.
    I’m signed up for serveral mailinglists but nothing about this leak.

    • This reply was modified 1 month ago by  Tom van M.
    leanderbraunschweig

    (@leanderbraunschweig)

    Update immediately!! On our website we have also seen admin accounts being created, this is VERY real and needs to be addressed asap.

    Plugin Author Donny Oexman

    (@donnyoexman)

    We are not able to force any plugin update. I’m not sure if that’s something wordpress.org can do.

    Plugin Author Van Ons

    (@van-ons)

    We are in touch with the Plugin Directory Team now to see what the options are for a forced update.

    Some hosting providers are already actively updating or contacting their customers.

    rivmedia

    (@rivmedia)

    Confirmed Admin accounts are being created and backdoors being uploaded to the upload directories. We’ve helped a few people recover their sites today. Hope you guys can force an update.

    drmimi333

    (@drmimi333)

    PLEASE HELP
    I had this problem today and my web site is off now. I got
    This page isn’t working
    …. is currently unable to handle this request.
    HTTP ERROR 500

    • This reply was modified 1 month ago by  drmimi333.
    drmimi333

    (@drmimi333)

    PLEASE HELP
    I had this problem today and my web site is off now. I got
    This page isn’t working
    …. is currently unable to handle this request.
    HTTP ERROR 500

    aitorerana

    (@aitorerana)

    I’ve the same problem, my page is not working and I can’t update the plugin. Is there anyway, maybe deleting some folders or files on WordPress to have access againg and update the plugin?

    Bas

    (@basz85)

    Same problem this morning. I didn’t know this.

    I’ve resolved this via phpMyAdmin: My 2 both websites were not working and the site url was changed to another domain (another site url). I’ve changed to site urls. At this moment the websites are fully recovered. It was an 2,5 hour work (I did this under my own work) to resolve the primary core of the hackissue and searching on the web (twitter) and then I saw topics like this. I give myself an ‘headbump’, cause I feel like an newbie ;P

    Temporarily I’ve deleted the plugin of my websites, until I’m done with prepping with my websites.
    //
    To @drimi333 and @aitorenana

    Logon to your control panel of your hosting account and go to phpMyAdmin and go to wp_options and look up to your site url. If this changed, just changed to your current site urls.
    You can now login to the backend of your websites.

    Let me know if it’s been resolved.

    Kind regards,
    Bas

    aitorerana

    (@aitorerana)

    I’ve solved the problem! Thank you very much!
    The first problem is that some administrator users were created, but then (I think that those users) changes the siteurl of your WordPress. Now I can access to the WordPress panel and update the WP GDPR Compliance plugin.

    Bas

    (@basz85)

    @aitorerana

    I’m glad that you’ve resolved the problem and that you can now access the WordPress backend an update the plugin! Anytime, aitorerana!

    Yes, I had to one administrator user been created (only on one website). Other websites was the site url changed to another domain. I’ve resolve this in phpmyadmin.

Viewing 15 replies - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.