WP GDPR FEB 2021
7 Sensitive Data Disclosures FEB 2021
Be informed about the latest WP GDPR FEB 2021 – Sensitive Data Disclosures FEB 2021, identified and reported publicly. These Sensitive or Private Data Disclosures have a severe negative financial impact on any business.
An estimated 1,121,000+ active WordPress installations are susceptible to these personal data exfiltrations, counting only the publicly available numbers. The estimate can double when versions already closed due to security concerns are included.
It is a 133% increase compared to January 2021. Read more about our previous report here: WP GDPR JAN 2021: 3 Sensitive Data Disclosures JAN 2021. The following cases made headlines PUBLICLY just last month in the WP GDPR FEB 2021 category.
- Web-Stat < 1.4.1 - API Key Disclosure
  - Observe visitors interacting with your web site through real-time and intuitive reports! Web-Stat is FREE and records the details of all your visits. We detect everything that can be detected and present the results in clear, user-friendly charts and graphics. Active installations: 2,000+
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress < 18.104.22.168 - Authenticated OAuth Connection Key Disclosure
  - Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
- Map Block for Google Maps < 1.32 - Unauthorised Google API Key change
  - Are you using Gutenberg and need a map? This is the map block for you! Install, activate, add to content. Done! No nonsense, no unneeded settings. Simple and clear in its function – as any Gutenberg block should be. Active installations: 7,000+
- Paid Memberships Pro < 2.5.3 - Unauthorised Order Information Disclosure
  - Paid Memberships Pro gives you all the tools you need to start, manage, and grow your membership site. The plugin is designed for premium content sites, clubs/associations, subscription products, newsletters and more. Active installations: 100,000+
- Like Button Rating ♥ LikeBtn < 2.6.32 - Unauthenticated Full-Read SSRF
  - The Like Button Rating plugin allows you to add a cool looking fully customizable Like button. Active installations: 8,000+
- Ultimate GDPR & CCPA Compliance Toolkit for WordPress < 2.5 - Unauthenticated Plugin Settings Export and Import
  - THE ONLY GDPR & CCPA COMPLIANCE TOOLKIT YOU NEED FOR WORDPRESS. Active installations: Not public info
- MStore API < 3.2.0 - Authentication Bypass With Sign In With Apple
  - The plugin is used to configure the MStore/FluxStore mobile app and supports the REST API to connect to the app. Active installations: 4,000+
WP GDPR FEB 2021 BRIEF: Personal or Private data is information that must be protected against unauthorised access, preventing Sensitive Data Disclosures and data breaches.
What are Sensitive Data Disclosures FEB 2021?
The loss, misuse or modification of, or unauthorised access to, your most sensitive or personal data can damage your business, ruin customer trust, breach customer privacy and, in extreme cases, might attract hefty fines under the law.
What is the impact of a WP GDPR FEB 2021 disclosure?
Data privacy is becoming more and more imperative. Fines vary from country to country in Europe. In over 80 countries, personally identifiable information (PII) is protected by information privacy laws that outline limits to collecting and using PII by public and private organisations.
These laws require organisations to give clear notice to individuals about what sensitive data is collected, the reason for collecting and the planned uses of the data. In consent-based legal frameworks, like GDPR, explicit consent from the individual is required.
What kinds of Sensitive Data are exploited?
Sensitive information includes all data, whether original or copied, which contains:
– Personal data: as defined by the EU General Data Protection Regulation (GDPR), a series of broad laws to prevent or discourage identity theft and to guard and protect individual privacy. In general, sensitive data is any data that reveals: Racial or ethnic origin; Political opinion; Religious or philosophical beliefs; Trade union membership; Genetic data; Biometric data; Health data; Sex life or sexual orientation; Financial information (bank account numbers and credit card numbers); Classified information.
– Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI under the law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) that can be linked to a specific individual.
– Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.
– Customer information: as required by financial institutions to explain how they share and protect their customers’ private information.