Vulnerabilities in the popular WordPress GDPR Compliance plugin, which has over 100,000 active installations have been exploited compromising thousands of websites.

The plugin is designed to help websites and online shops become compliant with the EU’s General Data Protection Regulation (GDPR). It supports plugins such as Contact Form, Gravity Forms, WordPress Comments, and WooCommerce.

The vulnerability allows attackers to create admin level accounts on the websites. The security team at Wordfence have observed automated attacks exploiting this. Patches have been released and users urged to update any plugins and monitor site databases for newly created site administration users.