WP GDPR APR 2021: 7 Sensitive Data Disclosures APR 2021

MANAGED WP GDPR APR 2021 REPORT

7 Sensitive Data Disclosures MAR 2021

Be informed about the latest WP GDPR APR 2021 - Sensitive Data Disclosures MAR 2021, identified and reported publicly. These Sensitive or Private Data Disclosures have a severe negative financial impact on any business. Consider our FREE GDPR AUDIT.

An estimated 370.000+ active WordPress installations are susceptible to these personal data exfiltrations, considering only the publicly available numbers. The estimated number can double with versions already closed due to security concerns.

It is a 133% increase compared to December 2020. We compare last month versus previous winter holiday season, which has the biggest shopping traffic and attack spike throughout the year. Read more about our previous reports here: WP GDPR MAR 2021: 5 Sensitive Data Disclosures MAR 2021 and WP GDPR JAN 2021: 3 Sensitive Data Disclosures JAN 2021. The following cases made headlines PUBLICLY just last month in the WP GDPR APR 2021 category:

---

• WordPress 5.6-5.7 CORE Authenticated XXE Within the Media Library Affecting PHP 8
• WordPress 4.7-5.7 CORE Authenticated Password Protected Pages Exposure
  • Use the software that powers over 41% of the web. Active installations: 41% of the ENTIRE INTERNET minus the updated instances of 5.7.1, since released on April 15, 2022.

---

• Business Directory Plugin – Easy Listing Directories for WordPress < 5.11.2 - Arbitrary Payment History Update
  • Are you looking for a simple directory website builder for WordPress? With Business Directory Plugin, you can be in control without a developer. Active installations: 20,000+

---

• Simple Membership < 4.0.4 - Unauthenticated SQL Injections
  • The simple membership plugin lets you protect your posts and pages so only your members can view the protected content. Set up unlimited membership levels (example: free, silver, gold etc) and protect your posts and pages using the membership levels you create. Active installations: 50,000+

---

• WordPress Download Manager < 3.1.23 - Unauthorised Asset Manager Usage
  • WordPress Download Manager is a Files / Documents Management Plugin to manage, track and control file downloads from your WordPress Site. Use Passwords, User Roles to control access to your files, control downloads by speed or by putting a limit on download count per user, block bots or unwanted users or spammers using Captcha Lock or IP Block feature, you may also ask users to agree with your terms and conditions before they download. Active installations: 100,000+

---

• Store Locator Plus <= 5.5.14 - Authenticated Privilege Escalation
  • This plugin has been closed as of April 12, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
  • The ultimate add-on for Contact Form 7 – redirect to any page you choose after mail sent successfully, firing scripts after submission, save submissions in database, and much more options to make Contact Form 7 poweful then ever. Active installations: 200,000+

WP GDPR APR 2021 BRIEF: Personal or Private data is information that must be protected against unauthorised access, preventing Sensitive Data Disclosures and data breaches.

---

What is Sensitive Data Disclosures MAR 2021?

The loss, misuse, modification or unauthorised access to your most sensitive data or personal data can damage your business, ruin customer trust, breach customer privacy and in extreme cases, might attract hefty fines by law regulations.

What is the impact of a WP GDPR APR 2021?

Data privacy is becoming more and more imperative. Fines vary from country to country in Europe. In over 80 countries, personally identifiable information (PII) is protected by information privacy laws that outline limits to collecting and using PII by public and private organisations.

These laws require organisations to give clear notice to individuals about what sensitive data is collected, the reason for collecting and the planned uses of the data. In consent-based legal frameworks, like GDPR, explicit consent from the individual is required.

What kind of Sensitive Data are exploited??

Sensitive information includes all data, whether original or copied, which contains:

- Personal data: as defined by The EU General Data Protection Regulation (GDPR). A series of broad laws to prevent or discourage identity theft and to guard and protect individual privacy. In general, sensitive data is any data that reveals: Racial or ethnic origin; Political opinion; Religious or philosophical beliefs; Trade union membership; Genetic data; Biometric data; Health data; Sex life or sexual orientation; Financial information (bank account numbers and credit card numbers); Classified information.

- Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI under the law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) that can be linked to a specific individual.

- Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.

- Customer information: as required by financial institutions to explain how they share and protect their customers' private information.

Related Posts to MANAGED GDPR for your WP/Woo: