WP GDPR SEP 2021
Sensitive Data Disclosures SEP 2021
Be informed about the latest WP GDPR SEP 2021 – Sensitive Data Disclosures SEP 2021, identified and reported publicly. These Sensitive or Private Data Disclosures have a severe negative financial impact on any business. Consider our FREE GDPR AUDIT.
An estimated 6.561.000+ active WordPress installations are susceptible to these personal data exfiltrations, considering only the publicly available numbers. The estimated number can double with versions already closed due to security concerns.
This is a whopping 267% increase compared to December 2020. We compare last month with the previous winter holiday season, which has the biggest shopping traffic and attack spike of the year. Read more about our previous reports here: WP GDPR AUG 2021: Covert Sensitive Data Disclosures AUG 2021 and WP GDPR JAN 2021: 3 Sensitive Data Disclosures JAN 2021. The following cases made headlines PUBLICLY just last month in the WP GDPR SEP 2021 category:
- BulletProof Security – Sensitive Information Disclosure
- WordPress Security Protection: Malware scanner, Firewall, Login Security, DB Backup, Anti-Spam… Effective, Reliable & Easy to use WordPress Security Plugin. Active installations: 50,000+
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress – Unprotected REST-API to Sensitive Information Disclosure
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress – Unprotected REST-API to Email Injection
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress – Stored Cross-Site Scripting
- Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
- Timetable and Event Schedule by MotoPress – Unauthorised Event TimeSlot Deletion
- Timetable and Event Schedule by MotoPress – Unauthorised Event TimeSlot Update
- Timetable and Event Schedule by MotoPress – Arbitrary User’s Hashed Password/Email/Username Disclosure
- Timetable and Event Schedule by MotoPress – Author+ Stored Cross-Site Scripting
- MotoPress Timetable and Event Schedule is an all-around organizer plugin developed to help you create and manage online schedules for single or multiple events, customize the appearance of each event, add date, time and description, and display all the needed items in a carefully crafted timetable. It also comes with an Upcoming events widget that will help you keep the sidebar clutter-free. Active installations: 40,000+
- PostX – Gutenberg Blocks for Post Grid – Private Content Disclosure
- PostX – Gutenberg Blocks for Post Grid – Contributor+ Stored Cross-Site Scripting
- PostX – Gutenberg Blocks for Post Grid – Missing Access Controls
- PostX is a highly customizable Gutenberg post block plugin. Anyone can create Post Grid Blocks, Post Listing Blocks, Post Slider Blocks, News Blocks, Magazine Blocks and Post Carousels with ease. Active installations: 10,000+
- Find My Blocks – Private Post Titles Disclosure
- Find My Blocks is a WordPress plugin built to help (as it says in the name) find where you have used specific Gutenberg blocks on your WordPress website. Active installations: 1,000+
- ZoomSounds – WordPress Wave Audio Player with Playlist – Unauthenticated Arbitrary File Download
- ZoomSounds is a complete premium audio plugin for WordPress that allows you to build great audio players and playlists. Engage with your audience with Trending, Likes, and awesome features. Fits your branding with a customizable design and great colors. With nine skins to fit every brand, multiple layouts for the wave skin, only one format required to function, ZoomSounds is the perfect choice for an audio player. Active installations: N/A
- Gutenberg Block Editor Toolkit – EditorsKit – Arbitrary PHP Code Execution
- EditorsKit provides a set of page building block options and a toolkit for the new WordPress Gutenberg editor. Active installations: 10,000+
- Telefication – Open Relay & Server-Side Request Forgery
- This plugin has been closed as of September 20, 2022 and is not available for download. This closure is temporary, pending a full review.
- WooCommerce – Analytics Report Leaks
- Whether you’re launching a business, taking brick-and-mortar retail online, or developing sites for clients, use WooCommerce for a store that powerfully blends content and commerce. Active installations: 5+ million
- WooCommerce Admin – Analytics Report Leaks
- WooCommerce Admin is a new JavaScript-driven interface for managing your store. The plugin includes new and improved reports and a dashboard to monitor key metrics of your site. Active installations: 400,000+
HELPS YOU TO MEET GDPR REGULATIONS
Compliant and sustainable long-term GDPR operational behaviour. Have a rock-solid foundation for privacy procedures and WP GDPR SEP 2021 mandate compliance.
WP GDPR SEP 2021 BRIEF: Personal or Private data is information that must be protected against unauthorised access, preventing Sensitive Data Disclosures and data breaches.
What are Sensitive Data Disclosures SEP 2021?
The loss, misuse or modification of, or unauthorised access to, your most sensitive or personal data can damage your business, ruin customer trust, breach customer privacy and, in extreme cases, might attract hefty fines under the law.
What is the impact of a WP GDPR SEP 2021?
Data privacy is becoming more and more imperative. Fines vary from country to country in Europe. In over 80 countries, personally identifiable information (PII) is protected by information privacy laws that outline limits to collecting and using PII by public and private organisations.
These laws require organisations to give clear notice to individuals about what sensitive data is collected, the reason for collecting and the planned uses of the data. In consent-based legal frameworks, like GDPR, explicit consent from the individual is required.
What kinds of sensitive data are exploited?
Sensitive information includes all data, whether original or copied, which contains:
– Personal data: as defined by the EU General Data Protection Regulation (GDPR), a series of broad laws to prevent or discourage identity theft and to guard and protect individual privacy. In general, sensitive data is any data that reveals: Racial or ethnic origin; Political opinion; Religious or philosophical beliefs; Trade union membership; Genetic data; Biometric data; Health data; Sex life or sexual orientation; Financial information (bank account numbers and credit card numbers); Classified information.
– Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI under the law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) that can be linked to a specific individual.
– Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.
– Customer information: as required by financial institutions to explain how they share and protect their customers’ private information.
data protection OFFICER
Identify high-risk problems from WP GDPR SEP 2021. Taking access and rights management into serious consideration is the foundation for a safely guarded online presence for your domain.