The vulnerability stems from improper access controls in an endpoint used by the WordPress plugin s AJAX API, a web development technique used to create web applications. The plugin, which helps businesses display cookie banners to show that they are compliant with EU privacy regulation, has more than 700,000 active installations. The vulnerability, which does not yet have a CVE number, affects version 1.8.2 and below. Researchers urge users of the plugin users to update as soon as possible: This vulnerability has been fixed in. version 188.3, according to Wordfence.
Source: https://threatpost.com/critical-wordpress-plugin-bug-afflicts-700k-sites/152871/