WP GDPR OCT 2021
Sensitive Data Disclosures OCT 2021
Be informed about the latest WP GDPR OCT 2021 – Sensitive Data Disclosures OCT 2021, identified and reported publicly. These Sensitive or Private Data Disclosures have a severe negative financial impact on any business. Consider our FREE GDPR AUDIT.
An estimated 593,000+ active WordPress installations are susceptible to these personal data exfiltrations, counting only the publicly available numbers. The estimate could double if plugins already closed due to security concerns are included.
That is a whopping 267% increase compared to December 2020. We compare last month against the previous winter holiday season, which sees the year's biggest shopping traffic and attack spike. Read more about our previous reports here: WP GDPR SEP 2021: 11 Covert Sensitive Data Disclosures SEP 2021 and WP GDPR JAN 2021: 3 Sensitive Data Disclosures JAN 2021. The following cases made headlines PUBLICLY just last month in the WP GDPR OCT 2021 category:
- User Registration, Login Form, User Profile & Membership – ProfilePress (Formerly WP User Avatar) – Reflected Cross-Site Scripting
- ProfilePress (formerly WP User Avatar) is a lightweight membership plugin that lets you create beautiful user profiles, member directories, frontend user registration forms, login forms, password reset and profile editing. It also allows you to protect sensitive content and control user access. Active installations: 400,000+
- User meta shortcodes – Unauthorized Arbitrary User Metadata Access
- This plugin has been closed as of October 12, 2022 and is not available for download. This closure is temporary, pending a full review.
- WordPress + Microsoft Office 365 / Azure AD | LOGIN – Unauthenticated Stored Cross-Site Scripting
- With WPO365 | LOGIN users can sign in with their corporate or school (Azure AD / Microsoft Office 365) account to access your WordPress website: No username or password required (OIDC or SAML 2.0 based SSO). Plus you can send email using Microsoft Graph instead of SMTP from your WordPress website. Active installations: 4,000+
- JS Job Manager – Unauthenticated Arbitrary Plugin Installation/Activation
- JS Jobs allows you to run your own jobs classifieds service where you or employers can advertise jobs, and job seekers can upload their resumes and apply to any job. Active installations: 600+
- WP Attachment Export – Unauthenticated Posts Download
- Event Manager and Tickets Selling Plugin for WooCommerce – Unauthenticated Arbitrary Elementor Template Import
- Event Manager and Tickets Selling Plugin for WooCommerce – Unauthenticated Arbitrary Options Reset
- Event Manager and Tickets Selling Plugin for WooCommerce is one of the best and simplest event management plugins available in the WordPress directory. Active installations: 9,000+
- WP Debugging – Unauthenticated Plugin’s Settings Update
- This plugin sets the following debug constants in wp-config.php on plugin activation and removes them on plugin deactivation. Any errors will result in a PHP Exception being thrown. Active installations: 5,000+
- Modern Events Calendar Lite – Unauthenticated Blind SQL Injection
- Modern Events Calendar Lite – Reflected Cross-Site Scripting
- Modern Events Calendar is a comprehensive, FREE events management plugin for WordPress that is extremely user-friendly and well-designed for displaying an events calendar on websites. Active installations: 100,000+
- Contest Gallery – Photo Contest Plugin for WordPress – Email Address Disclosure
- Contest Gallery – Photo Contest Plugin for WordPress – Missing Access Controls to Unauthenticated SQL Injection
- Highly configurable photo contest gallery plugin for WordPress. Active installations: 2,000+
- Secure Copy Content Protection and Content Locking – Email Address Disclosure
- Secure Copy Content Protection is a plugin aimed at protecting web content from being plagiarized. Active installations: 10,000+
- Like Button Rating ♥ LikeBtn – Unauthorised Vote Export to Email & IP Addresses Disclosure
- The Like Button Rating plugin allows you to add a cool looking fully customizable Like button. Active installations: 7,000+
WP GDPR OCT 2021 BRIEF: Personal or private data is information that must be protected against unauthorised access, to prevent Sensitive Data Disclosures and data breaches.
What are Sensitive Data Disclosures OCT 2021?
The loss, misuse, modification or unauthorised access to your most sensitive data or personal data can damage your business, ruin customer trust, breach customer privacy and, in extreme cases, attract hefty regulatory fines.
What is the impact of a WP GDPR OCT 2021 disclosure?
Data privacy is becoming more and more imperative. Fines vary from country to country in Europe. In over 80 countries, personally identifiable information (PII) is protected by information privacy laws that outline limits to collecting and using PII by public and private organisations.
These laws require organisations to give clear notice to individuals about what sensitive data is collected, the reason for collecting and the planned uses of the data. In consent-based legal frameworks, like GDPR, explicit consent from the individual is required.
What kinds of Sensitive Data are exploited?
Sensitive information includes all data, whether original or copied, which contains:
– Personal data: as defined by the EU General Data Protection Regulation (GDPR), a series of broad laws intended to prevent or discourage identity theft and to protect individual privacy. In general, sensitive data is any data that reveals: racial or ethnic origin; political opinion; religious or philosophical beliefs; trade union membership; genetic data; biometric data; health data; sex life or sexual orientation; financial information (bank account numbers and credit card numbers); classified information.
– Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI under the law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) that can be linked to a specific individual.
– Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.
– Customer information: as held by financial institutions, which are required to explain how they share and protect their customers' private information.