MANAGED WP GDPR JAN 2023 REPORT
Sensitive Data Disclosures JAN 2023
Be informed about the latest WP GDPR JAN 2023 – Sensitive Data Disclosures JAN 2023, identified and reported publicly. These Sensitive or Private Data Disclosures have a severe negative financial impact on any business. Consider our WP/Woo GDPR audit.
An estimated 4.342.000 active WordPress installations are susceptible to these personal data exfiltrations, considering only the publicly available numbers. This is a +634% increase in targeted Sensitive Data Disclosures compared to last month. The estimated number can double if versions already closed due to security concerns are included.
The following cases made headlines PUBLICLY in the WP GDPR JAN 2023 category:
- Easy WP SMTP – WordPress Email SMTP Plugin – Remote Code Execution (RCE)
- Easy WP SMTP – WordPress Email SMTP Plugin – Directory Traversal
- Easy WP SMTP – WordPress Email SMTP Plugin – Arbitrary File Deletion
- Active installations: 600.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- ARMember PREMIUM – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup – Privilege Escalation
- Active installations: 9.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Chained Quiz – Multiple different Cross-Site Scripting (XSS)
- Chained Quiz – Authenticated Stored Cross-Site Scripting (XSS) via Mailchimp API Key
- Chained Quiz – Authenticated Stored Cross-Site Scripting (XSS) via Facebook App ID
- Chained Quiz – Cross-Site Request Forgery (CSRF) leading to Question Deletion
- Chained Quiz – Cross-Site Request Forgery (CSRF) leading to Submitted Response Deletion
- Chained Quiz – Cross-Site Request Forgery (CSRF) leading to Arbitrary Quiz Deletion and Copying
- Active installations: 2.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Consider for your loading time, switching with a TOP10LIST alternative WP Speed Plugin – OR – Hire professionals for managed WP Speed Up.
- Autoptimize – Sensitive Data Exposure
- Active installations: 1+ million
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your loading time, switching with a TOP10LIST alternative WP Speed Plugin – OR – Hire professionals for managed WP Speed Up.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- WP Social Sharing – Cross-Site Scripting (XSS)
- WP Social Sharing – Sensitive Data Exposure
- This plugin has been closed as of December 6, 2022 and is not available for download. This closure is temporary, pending a full review.
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- iubenda | All-in-one Compliance for GDPR / CCPA Cookie Consent + more – Privilege Escalation
- Active installations: 100.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Wholesale Market for WooCommerce – Path Traversal
- Wholesale Market for WooCommerce – Arbitrary Log Download
- Active installations: N/A
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Consider for your online shop, switching with a TOP10LIST alternative WooCommerce Plugin – OR – Hire professionals for managed WooCommerce.
- WP Custom Admin Interface – PHP Object Injection
- Active installations: 30.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content – ProfilePress – PHP Object Injection
- Paid Membership, Ecommerce, Registration Form, Login Form, User Profile, Paywall & Restrict Content – ProfilePress – Cross-Site Scripting (XSS)
- Active installations: 300.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- GS Insever Portfolio – Cross-Site Request Forgery (CSRF)
- Active installations: 100+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- WP Cerber Security, Anti-spam & Malware Scan – Security Bypass
- This plugin has been closed as of September 22, 2022 and is not available for download. Reason: Security Issue.
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Download Manager – Cross-Site Scripting (XSS)
- Active installations: 100.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- WPtouch – PHP Object Injection
- WPtouch – Arbitrary File Upload
- Active installations: 100.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your loading time, switching with a TOP10LIST alternative WP Speed Plugin – OR – Hire professionals for managed WP Speed Up.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Starter Templates by Kadence WP – PHP Object Injection
- Active installations: 100.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Anti-Malware Security and Brute-Force Firewall – PHP Object Injection
- Active installations: 200.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Real Cookie Banner: GDPR (DSGVO) & ePrivacy Cookie Consent – Cross-Site Scripting (XSS)
- Active installations: 100.000+
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- Analyticator – PHP Object Injection
- Active installations: 100.000+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- EU Cookie Law for GDPR/CCPA – Cross-Site Scripting (XSS)
- This plugin has been closed as of December 23, 2022 and is not available for download. This closure is temporary, pending a full review.
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- WP Limit Login Attempts – Unauthenticated Bypass
- This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- FluentAuth – The Ultimate Authorization & Security Plugin for WordPress – Unauthenticated Bypass
- Active installations: 700+
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- WP Statistics – SQL Injection (SQLi)
- Active installations: 600.000+
- Consider for your online vigilance, switching with a TOP10LIST alternative WP Monitoring Plugin – OR – Hire professionals for managed WP Monitoring.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
- All-In-One Security (AIOS) – Security and Firewall – Sensitive Data Exposure
- Active installations: 1+ million
- Consider for your online safety, switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for managed WP Security.
- Consider for your online privacy, switching with a TOP10LIST alternative WP GDPR Plugin – OR – Hire professionals for managed WP GDPR.
WP GDPR JAN 2023 BRIEF: Personal or Private data is information that must be protected against unauthorised access, preventing Sensitive Data Disclosures and data breaches.
What is Sensitive Data Disclosures JAN 2023?
The loss, misuse, modification or unauthorised access to your most sensitive or personal data can damage your business, ruin customer trust, breach customer privacy and, in extreme cases, attract hefty fines under the law.
What is the impact of a WP GDPR JAN 2023?
Data privacy is becoming more and more imperative. Fines vary from country to country in Europe. In over 80 countries, personally identifiable information (PII) is protected by information privacy laws that outline limits to collecting and using PII by public and private organisations.
These laws require organisations to give clear notice to individuals about what sensitive data is collected, the reason for collecting and the planned uses of the data. In consent-based legal frameworks, like WP/Woo GDPR, explicit consent from the individual is required.
What kind of Sensitive Data is exploited?
Sensitive information includes all Private Data, whether original or copied, which contains:
– Personal data: as defined by The EU General Data Protection Regulation (WP/Woo GDPR). A series of broad laws to prevent or discourage identity theft and to guard and protect individual privacy. In general, sensitive data is any data that reveals: Racial or ethnic origin; Political opinion; Religious or philosophical beliefs; Trade union membership; Genetic data; Biometric data; Health data; Sex life or sexual orientation; Financial information (bank account numbers and credit card numbers); Classified information.
– Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI under the law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) that can be linked to a specific individual.
– Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.
– Customer information: as required by financial institutions to explain how they share and protect their customers’ private information.