Critical security vulnerability in the WordPress GDPR Compliance plugin
A vulnerability in the WP GDPR Compliance plugin (100,000+ active installations), currently classified as very critical, is being exploited.
This vulnerability allows attackers to modify the wp_options table. In the current wave of attacks, the default user role is being changed to Administrator and user registration is enabled in order to further manipulate the site using a newly created admin account.
In the cases seen so far, admin users with the name t2trollherten or t3trollherten were created.
The security vulnerability was fixed in version 1.4.3. If you use this plugin, an update should be carried out urgently.
As part of our WordPress maintenance contracts and the Security Flat Rate we have already checked and updated all customer websites.
Immediate measures if an unknown WordPress admin exists
1. Delete the unknown user
2. Check WordPress Settings -> General
WordPress Address / Site Address (URL), email address, membership, and the default role for a new user.
3. Analyze access logs (Log Analysis Tool)
This shows whether malicious files (webshells/backdoors) were uploaded and used, in this case wp-upd.php (or often wp-cache.php).

4. Check the database (wp_posts) for
Export the database via phpMyAdmin or a backup plugin as a .sql file -> open it with a text editor -> search for '-->
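
For step 3, one way to pull the relevant requests out of an access log, as an added example that is not part of the original advisory. It assumes the Apache/nginx combined log format and the default WordPress registration URL (wp-login.php?action=register); the function names are hypothetical and the sample lines are constructed.

```python
import re
from collections import defaultdict

# File names reported in this advisory. A name match alone is not proof:
# check the directory, since legitimate plugins can ship same-named files.
SUSPECT_FILES = ("wp-upd.php", "wp-cache.php")

# Assumed log layout: Apache/nginx "combined" format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+)[^"]*" (?P<status>\d{3}) '
)

def classify(method, url, status):
    """Return a label for a request worth reviewing, else None."""
    path, _, query = url.partition("?")
    name = path.rsplit("/", 1)[-1]
    if name in SUSPECT_FILES:
        # 2xx: a file of that name answered. Other statuses: recorded as probes.
        return "webshell-hit" if status.startswith("2") else "webshell-probe"
    # Assumption: the site uses the default WordPress registration URL.
    if name == "wp-login.php" and method == "POST" and "action=register" in query:
        return "registration"
    return None

def scan(lines):
    """Map client IP -> [(timestamp, label, method, url, status), ...]."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed format
        label = classify(m["method"], m["url"], m["status"])
        if label:
            findings[m["ip"]].append(
                (m["ts"], label, m["method"], m["url"], m["status"]))
    return dict(findings)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2024:10:01:12 +0100] "POST /wp-login.php?action=register HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2024:10:03:40 +0100] "POST /wp-upd.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [01/Jan/2024:11:20:05 +0100] "GET /wp-cache.php HTTP/1.1" 404 196 "-" "curl/7.58.0"',
    '192.0.2.15 - - [01/Jan/2024:11:25:00 +0100] "GET /index.php HTTP/1.1" 200 10234 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, events in scan(SAMPLE).items():
        for event in events:
            print(ip, *event)
```

An IP that shows a registration followed by a webshell-hit gives the timeline to investigate first; probes with no hit only show that the site was checked for the file.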