Improper access controls lead to a stored cross-site scripting vulnerability in the GDPR Cookie Consent plugin, currently installed on over 700,000 WordPress sites. Details about the vulnerability emerged after the plugin was removed from the repository.
The Wordfence team released a firewall rule to our Premium customers on February 10th.
To help create awareness of this issue, we are disclosing details of this vulnerability today, now that a fix has been released and users who do not use Wordfence Premium have a clear upgrade path. A technical description of the vulnerability in the “GDPR Cookie Consent” plugin is available on the blog.
Matt Barry - Word-fence Lead Developer
Unfortunately this is one of the big issues with WordPress. That's why I made a decision to move over to a platform that doesn't expose my clients to these type of vulnerabilities. Its just too stressful.
If you are looking for a safe, secure and hassle free website experience speak to me about designing and coding your site in Webflow.