There was a problem loading the comments.

MAJOR SECURITY UPDATE of GDPR & CCPA Plugin

Support Portal  »  Knowledgebase  »  Viewing Article

  Print

ANNOUNCEMENT


Unfortunately there were an XSS vulnerability issue in the previous version of our plugin (version 2.4 and older). The problem was already fixed in version 2.5 and the latest version of the plugin is available to download on https://codecanyon.net/item/ultimate-gdpr-compliance-toolkit-for-wordpress/21704224

The vulnerability discovered in version 2.4 could cause injection of unwanted scripts in GDPR & CCPA plugin settings. Injected script then creates redirection to another domain, usually a malicious website.
To make sure that there is no unwanted script injected into your website please follow the steps below:

1. Please make sure that you are using the 2.5 version of our plugin
2. Please check GDPR & CCPA settings in the admin panel about Privacy Policy and Terms and Conditions:
89e1b3332799143e02942eaecb14bf614f2d57bbd6256254fbbed9cf8dc97041444639ff226bda30?t=e035ce4fcc14b9d551c412cea6c18245
Privacy Policy
74ea62b286f72b2cec24e1046da920465cdae27b52c4aeffd223fe39d9bfecab1b76bce2e0d0e55d?t=e7b4f5745110ce839c75c892ff17d235
Terms and Conditions

2a. Please check the settings of Read More Custom URL, 'Right to be forgotten' / 'Admin email to send new request notifications to' for any unverified links.
3. If you can see any records not entered by you (example), please make sure to remove them from the admin panel and Save settings.
4. That should secure your website.

Ways to update our plugin to the newest version (which we highly recommend if this wasn't done already):
- Click 'update now' in the WordPress Backend plugin section
- or you can also upload the plugin manually via FTP client.  Download the latest version of the plugin in "Downloads" section of your Envato account and extract the plugin zip file. Then upload the folder you extracted from the zip file, named "ct-ultimate-gdpr" to the /wp-content/plugins/ folder on your web server. Then you need to go back WordPress dashboard of your website, and activate the plugin from your "Plugins" section.

We sincerely apologize for the problem created because of our plugin. If you would have any additional issues, please contact our support at https://createit.support/

Share via
Did you find this article useful?  

Related Articles

© createIT