Malware vulnerability in a version

  • ohiowebpro

    (@ohiowebpro)


    3 years, 3 months ago

    Four sites using this plugin got hacked due to a known vulnerability. The patched version was not out before we were exploited. Its a cookie banner, how hard can it be to keep secure? I would stay away until the author does a full review.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Nikel

    (@nikelschubert)

    3 years, 3 months ago

    Hi,

    the newest version 2.10.1 should not have this vulnerability anymore.

    The problem is: even if you update to the newest version the malware stays injected in the database. So you have to check the plugin settings and save them over to remove the malware.

    I am really sorry for that. I have hired an external auditor now to check for additional vulnerabilities.

    Plugin Author Nikel

    (@nikelschubert)

    3 years, 3 months ago

    Hi, if you deleted the plugin and cleared caches you should be fine. Since version 2.10.1 the vulnerability is fixed.

    The exploit was, that the attacker could inject malicious code in the settings fields of the plugin. When deleting the plugin all settings fields of the plugin are deleted as well.

    If you do not delete the plugin you still have to clean them manually, even when you updated to 2.10.1 or above.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    3 years, 3 months ago

    I’m closing this review to new replies. If anyone needs support please raise a support topic.

    You can do so here.

    https://ww.wp.xz.cn/support/plugin/beautiful-and-responsive-cookie-consent/

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Malware vulnerability in a version’ is closed to new replies.