CVE-2020-36718
📋 TL;DR
The GDPR CCPA Compliance Support plugin for WordPress, versions up to and including 2.3, passes the value of the 'njt_gdpr_allow_permissions' parameter to PHP's unserialize() without validating it, so an unauthenticated attacker can inject arbitrary PHP objects (PHP object injection). Object injection by itself only instantiates classes; turning it into file deletion, data disclosure or code execution requires a usable POP gadget chain, and none is reported in this plugin, so the real-world impact depends on which other plugins and themes are installed on the site. Fixed in version 2.4.
💻 Affected Systems
- WordPress GDPR CCPA Compliance Support plugin (slug ninja-gdpr-compliance, also called Ninja GDPR Compliance), versions up to and including 2.3
📦 What is this software?
A WordPress plugin from the wordpress.org repository (slug ninja-gdpr-compliance) that adds cookie-consent and privacy-preference handling to a site for GDPR and CCPA purposes. It runs on the public front end of every site that has it active, which is why the vulnerable parameter is reachable without authentication.
⚠️ Risk & Real-World Impact
Worst Case
Object injection chained with a gadget from another installed plugin or theme, giving code execution as the web server user: website defacement, data theft, malware installation, or ransomware deployment on the host.
Likely Case
Where a gadget chain is available, remote code execution followed by backdoor installation, credential theft, and lateral movement within the hosting environment. Where no gadget chain is present, the injected object is instantiated and discarded with no further effect, but that situation changes as soon as another vulnerable plugin or theme is installed.
If Mitigated
Limited impact when the plugin is updated or disabled, or when a web application firewall rejects serialized PHP objects in the affected parameter before they reach the plugin.
🎯 Exploit Status
The NinTechNet write-up and the fix changesets in the references describe the vulnerable code path, and crafting a serialized PHP object for the parameter takes minimal skill. Achieving any impact beyond instantiating a class still requires the attacker to find a POP gadget chain among the other plugins and themes installed on the target.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.4 and later
Vendor Advisory: https://wordpress.org/plugins/ninja-gdpr-compliance/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'GDPR CCPA Compliance Support' plugin.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 2.4 or later from the WordPress repository and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the plugin until patched (Linux, via WP-CLI):
wp plugin deactivate ninja-gdpr-compliance
Web Application Firewall rule
Block requests containing malicious deserialization patterns (any platform):
Add a WAF rule that rejects requests in which the 'njt_gdpr_allow_permissions' parameter contains a serialized PHP object, i.e. the signature O:<length>:"<ClassName>": (or the older C:<length>:"<ClassName>": form), after URL-decoding the value. Match on this object signature rather than on any serialized data, so that a plain serialized array of consent flags is not blocked, and inspect the decoded value, since the payload is normally percent-encoded in transit.
🧯 If You Can't Patch
- Disable the GDPR CCPA Compliance Support plugin immediately
- If the plugin must stay active, reject any value of 'njt_gdpr_allow_permissions' that carries a serialized PHP object at the web server or WAF layer; the plugin itself performs no validation before calling unserialize(), so the filtering has to happen in front of it
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → GDPR CCPA Compliance Support → Version number. If version is 2.3 or lower, you are vulnerable.
Check Version:
wp plugin get ninja-gdpr-compliance --field=version
Verify Fix Applied:
Verify that the plugin reports version 2.4 or higher in the WordPress admin panel or via the WP-CLI command above. Do not rely on sending a test payload to the parameter: the fix lives inside the plugin's handling of the value (see the changesets in the references), so a request carrying a serialized object receives a normal-looking response either way and there is no reliable HTTP-level difference to observe.
📡 Detection & Monitoring
Log Indicators:
- POST requests to WordPress containing the 'njt_gdpr_allow_permissions' parameter with a serialized PHP object in its value (standard access logs do not record POST bodies; this indicator needs a WAF, ModSecurity audit log or application-level request log that captures form fields)
- Processes spawned by the PHP worker (php-fpm or the web server's PHP module) that are not part of normal site operation
- PHP error-log entries from unserialize() on the affected request, such as "unserialize(): Error at offset" notices or "__PHP_Incomplete_Class" warnings, which indicate malformed or unexpected serialized input being processed
Network Indicators:
- HTTP POST requests whose parameters contain serialized PHP objects, typically percent-encoded as O%3A<n>%3A%22<ClassName>%22
- Traffic matching known exploit payloads; the same object signature in a cookie or query string on plugin-related paths is also worth flagging
SIEM Query:
source="web_logs" AND (uri_path="*wp-admin*" OR uri_path="*wp-content/plugins/ninja-gdpr-compliance*") AND http_method="POST" AND (param_name="njt_gdpr_allow_permissions" OR param_value MATCHES "O:[0-9]+:\"")
(Pseudo-syntax; adapt to your SIEM. Match the full O:<digits>:" signature rather than the bare string "O:", which appears in ordinary text and produces noise. Apply the match to the URL-decoded parameter value.)
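The WAF rule in the workarounds section and the log indicators above both come down to one check: does a request parameter carry a serialized PHP object once it is decoded? The following script is an added example (not code from the plugin, its vendor, or any of the advisories in the references) that implements that check and runs it over a handful of constructed sample requests. It assumes a request log that records form fields and cookies as key/value maps; the paths, the gadget class name Evil_Class and the sample values are placeholders made up for the example. It goes slightly beyond the page's text by also decoding URL- and base64-wrapped values and by catching objects nested inside a serialized array.

```python
"""
Detect serialized PHP objects in request parameters (PHP object injection
payloads), as both a WAF-style decision and a request-log scan.

Added example for the njt_gdpr_allow_permissions advisory; this is not the
plugin's code. All sample traffic below is constructed for the example.
"""
import base64
import binascii
import re
from urllib.parse import quote_plus, unquote_plus

PARAM = "njt_gdpr_allow_permissions"

# A serialized PHP object starts with  O:<name length>:"<ClassName>":<property count>:{
# (C: is the older Serializable form). Requiring the start of the value or a
# preceding ';' / '{' also catches objects nested inside a serialized array.
PHP_OBJECT_RE = re.compile(
    r'(?:^|[;{])(?P<kind>[OC]):\d+:"(?P<cls>[A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{'
)


def decodings(value, max_layers=3):
    """Yield value plus its URL- and base64-decoded variants, a few layers deep."""
    layer, seen = [value], set()
    for _ in range(max_layers):
        next_layer = []
        for v in layer:
            if v in seen:
                continue
            seen.add(v)
            yield v
            url_decoded = unquote_plus(v)
            if url_decoded != v:
                next_layer.append(url_decoded)
            try:
                b64_decoded = base64.b64decode(v, validate=True).decode("utf-8")
                if b64_decoded != v:
                    next_layer.append(b64_decoded)
            except (binascii.Error, UnicodeDecodeError, ValueError):
                pass  # not valid base64 / not text: nothing more to peel off
        layer = next_layer


def php_object_classes(value):
    """Return the class names of every serialized PHP object found in value."""
    return [m.group("cls") for v in decodings(value) for m in PHP_OBJECT_RE.finditer(v)]


def inspect_request(req):
    """Return (location, parameter, class) findings for every parameter that
    carries a serialized object, whichever parameter it is."""
    findings = []
    for location in ("query", "body", "cookies"):
        for name, value in req.get(location, {}).items():
            for cls in php_object_classes(value):
                findings.append((location, name, cls))
    return findings


def should_block(req):
    """WAF decision: block when the vulnerable parameter carries a serialized object.
    A serialized *array* of consent flags (no O:/C: record) is allowed through."""
    return any(name == PARAM for _, name, _ in inspect_request(req))


def scan_requests(requests):
    """Log-scan view: (index, findings) for each request with any serialized object."""
    return [(i, inspect_request(r)) for i, r in enumerate(requests) if inspect_request(r)]


# Constructed sample traffic (placeholder paths; Evil_Class is a made-up gadget name).
BENIGN_VALUE = 'a:2:{s:9:"analytics";b:1;s:9:"marketing";b:0;}'  # plain array of flags
OBJECT_VALUE = 'O:8:"stdClass":1:{s:1:"x";s:1:"y";}'             # a serialized object
NESTED_VALUE = 'a:1:{s:9:"analytics";O:10:"Evil_Class":0:{}}'    # object hidden in an array

SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/", "query": {}, "body": {PARAM: BENIGN_VALUE}, "cookies": {}},
    {"method": "POST", "path": "/", "query": {}, "body": {PARAM: quote_plus(OBJECT_VALUE)}, "cookies": {}},
    {"method": "GET", "path": "/", "query": {}, "body": {},
     "cookies": {PARAM: base64.b64encode(NESTED_VALUE.encode()).decode()}},
    {"method": "POST", "path": "/wp-login.php", "query": {},
     "body": {"log": "admin", "pwd": "O:reilly"}, "cookies": {}},  # "O:" alone is not a hit
]

if __name__ == "__main__":
    for i, findings in scan_requests(SAMPLE_REQUESTS):
        verdict = "BLOCK" if should_block(SAMPLE_REQUESTS[i]) else "report"
        print(f"request {i}: {verdict} {findings}")
```

Only the second and third sample requests are flagged: the benign serialized array in the first and the harmless "O:reilly" string in the fourth do not match the object signature, which is the precision the WAF rule needs to avoid breaking ordinary consent submissions.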
🔗 References
- https://blog.nintechnet.com/gdpr-ccpa-compliance-support-plugin-fixed-insecure-deserialization-vulnerability/
- https://plugins.trac.wordpress.org/changeset/2408938
- https://plugins.trac.wordpress.org/changeset/2411356/ninja-gdpr-compliance
- https://wordpress.org/plugins/ninja-gdpr-compliance/#developers
- https://wpscan.com/vulnerability/92f1d6fb-c665-419e-a13b-688b1df6c395
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a2871261-3231-4a52-9a38-bb3caf461e7d?source=cve