WP GDPR JAN 2022: 15 Covert Sensitive Data Disclosures JAN 2022

MANAGED WP GDPR JAN 2022 REPORT

Sensitive Data Disclosures JAN 2022

Be informed about the latest WP GDPR JAN 2022 - Sensitive Data Disclosures JAN 2022, identified and reported publicly. These Sensitive or Private Data Disclosures have a severe negative financial impact on any business. Consider our FREE GDPR consulting.

An estimated 2.255.000+ active WordPress installations are susceptible to these personal data exfiltrations, considering only the publicly available numbers. It is a whooping 400% increase compared to last month. The estimated number can double with versions already closed due to security concerns.

• WP Guppy - Sensitive Information Disclosure
  • WordPress Chat Plugin like never before - it's quality loaded with features! WP-Guppy is a well thought and clinically designed and developed WordPress chat plugin which has been engineered to fulfil the market needs. It is loaded with features without compromising on quality. Active installations: N/A

---

• The Plus Addons for Elementor - Unauthenticated SQL Injection
• The Plus Addons for Elementor - Sensitive Data Disclosure
  • Unlock a Faster Elementor Experience with Extra 120+ Powerful Widgets & Extensions for your next big idea! Active installations: N/A

---

• Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery - Stored Cross-Site Scripting (XSS)
• Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery - Unauthorised Private Post Access
  • Logo Carousel is a beautiful logo showcase and clients logo gallery plugin that allows you to display a group of logo images in a visually appealing carousel through an intuitive Shortcode Generator. It’s very user-friendly and convenient to manage & display the logo images in your any WordPress site. Active installations: 20,000+

---

• Hide My WP - Amazing Security Plugin for WordPress! - Unauthenticated Plugin Deactivation
• Hide My WP - Amazing Security Plugin for WordPress! - Unauthenticated SQL Injection
  • Hide My WP is number one security plugin for WordPress. It hides your WordPress from attackers, spammers and theme detectors. Over 26,000 satisfied customers use Hide My WP. It also hides your wp login URL and renames admin URL. It detects and blocks XSS, SQL Injection type of security attacks on your WordPress website. Active installations: 30,000+

---

• OMGF | Host Google Fonts Locally - Arbitrary Folder Deletion via Path Traversal
  • Leverage Browser Cache, Minimize DNS requests, reduce Cumulative Layout Shift and serve your Google Fonts in a 100% GDPR compliant way with OMGF! Active installations: 40,000+

---

• CAOS | Host Google Analytics Locally - Arbitrary Folder Deletion via Path Traversa
  • CAOS (Complete Analytics Optimization Suite) for Google Analytics allows you to host analytics.js/gtag.js locally and keep it updated using WordPress’ built-in Cron-schedule. Fully automatic! Active installations: 20,000+

---

• Advanced Custom Fields - Arbitrary ACF Data/Field Groups View and Fields Move
  • Advanced Custom Fields turns WordPress sites into a fully-fledged content management system by giving you all the tools to do more with your data. Active installations: 2+ million

---

• Canto - Unauthenticated Blind SSRF
  • Easily find and publish photos, images, and any other web-safe media file from directly to your WordPress website. Simplify collaboration with your creative team by retrieving media without having to search through emails or folders. Active installations: 70+

---

• All-in-One Video Gallery - Local File Inclusion
  • All-in-One Video Gallery is a VIDEO POSTS plugin that helps you adding videos as posts and build scalable, searchable, SEO optimized video galleries in minutes. Active installations: 20,000+

---

• PublishPress Capabilities – User Role Access, Editor Permissions, Admin Menus - Unauthenticated Arbitrary Options Update to Blog Compromise
  • PublishPress Capabilities gives you control over all the permissions on your WordPress site. We built this user role editor plugin so you have an EASY and POWERFUL way to manage users. You can customize all your WordPress user roles, from Administrators and Editors to Authors, Contributors, Subscribers and custom roles. Each use role can have the exact permissions that your site needs. Active installations: 100,000+

---

• PublishPress Capabilities Pro - Unauthenticated Arbitrary Options Update to Blog Compromise
  • PublishPress Capabilities is the best plugin to control permissions for your WordPress posts, pages, media and custom post types. Capabilities allows you to manage user roles. You can create and copy roles. You can choose specific permissions for each role. Capabilities also enables you to back up, restore and migrate your site's permissions. Active installations: N/A

---

• Multivendor Marketplace Solution for WooCommerce – WC Marketplace - Unauthenticated AJAX Calls
  • Afraid of launching an Online Marketplace? Well, worry no more WC Marketplace provides you with the best marketplace software, you can get, to kickstart your own virtual eCommerce marketplace. This free WordPress plugin equips you with the best of features that help to create any marketplace of your choice. So, create a website like Amazon, Etsy or Airbnb without any worries. Active installations: 10,000+

---

• RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin - Authentication Bypass
• RegistrationMagic – Custom Registration Forms, User Registration and User Login Plugin - SQL Injection
  • Create custom WordPress Registration Forms, allow secure user registration, accept payments, track submissions, manage users, analyze stats, assign user roles, automate processes, send bulk emails and much more. If you need to build a custom WordPress Registration Forms process, look no further! Active installations: 10,000+

---

• Tab – Accordion, FAQ - Unauthenticated AJAX Calls
  • Tab allows you to create a simple tabs, accordions and faq for elementor, and all themes. tab and accordion plugin is for creating responsive tab panels with unlimited options and transition animations support. Active installations: 2,000+

---

• True Ranker - Unauthenticated Arbitrary File Access via Path Traversal
  • Now you can enjoy for free with the only SEO App that gives you total control of your geolocated Google results with 100% real accuracy. Active installations: 200+

---

• Shortcode Addons- with Visual Composer, Divi, Beaver Builder and Elementor Extension - Unauthenticated Arbitrary Option Update
  • Shortcode Addons- with Visual Composer, Divi, Beaver Builder, and Elementor Extension is the ultimate addons bundle for major page builders and general users that is packed with 10000+ awesome Templates, Blocks and stunning Pre-designs.Add some more flexibility into that, and you have easier options in form of page builders like Visual Composer, Divi, Elementor or Beaver Builder With over 120+ essential elements and extensions, you will find the ultimate advantage of enhancing your web creation while using Shortcode Addons in WordPress. With the mighty Shortcode Addons, you’ll get the power of having access to all the essential widgets that you have never gotten ever before in one place. Active installations: 4,000+

WP GDPR JAN 2022 BRIEF: Personal or Private data is information that must be protected against unauthorised access, preventing Sensitive Data Disclosures and data breaches.

---

What is Sensitive Data Disclosures JAN 2022?

The loss, misuse, modification or unauthorised access to your most sensitive data or personal data can damage your business, ruin customer trust, breach customer privacy and in extreme cases, might attract hefty fines by law regulations.

What is the impact of a WP GDPR JAN 2022?

Data privacy is becoming more and more imperative. Fines vary from country to country in Europe. In over 80 countries, personally identifiable information (PII) is protected by information privacy laws that outline limits to collecting and using PII by public and private organisations.

These laws require organisations to give clear notice to individuals about what sensitive data is collected, the reason for collecting and the planned uses of the data. In consent-based legal frameworks, like GDPR, explicit consent from the individual is required.

What kind of Sensitive Data are exploited??

Sensitive information includes all Private Data, whether original or copied, which contains:

- Personal data: as defined by The EU General Data Protection Regulation (GDPR). A series of broad laws to prevent or discourage identity theft and to guard and protect individual privacy. In general, sensitive data is any data that reveals: Racial or ethnic origin; Political opinion; Religious or philosophical beliefs; Trade union membership; Genetic data; Biometric data; Health data; Sex life or sexual orientation; Financial information (bank account numbers and credit card numbers); Classified information.

- Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI under the law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) that can be linked to a specific individual.

- Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.

- Customer information: as required by financial institutions to explain how they share and protect their customers' private information.

MANAGED GDPR for your WP/Woo: Sensitive Data Disclosures JAN 2022 Related Posts