The vulnerability discovered in version 2.4 could cause injection of unwanted scripts in GDPR & CCPA plugin settings. Injected script then creates redirection to another domain, usually a malicious website.
To make sure that there is no unwanted script injected into your website please follow the steps below:
1. Please make sure that you are using the 2.5 version of our plugin
2a. Please check the settings of Read More Custom URL, 'Right to be forgotten' / 'Admin email to send new request notifications to' for any unverified links.
3. If you can see any records not entered by you (example), please make sure to remove them from the admin panel and Save settings.
4. That should secure your website.
Ways to update our plugin to the newest version (which we highly recommend if this wasn't done already):
- Click 'update now' in the WordPress Backend plugin section
- or you can also upload the plugin manually via FTP client. Download the latest version of the plugin in "Downloads" section of your Envato account and extract the plugin zip file. Then upload the folder you extracted from the zip file, named "ct-ultimate-gdpr" to the /wp-content/plugins/ folder on your web server. Then you need to go back WordPress dashboard of your website, and activate the plugin from your "Plugins" section.
We sincerely apologize for the problem created because of our plugin. If you would have any additional issues, please contact our support at https://createit.support/