Discover Xolo Leap: All the essential features and services modern solopreneurs need to run a borderless business. Run an EU business from anywhere on the planet!
Be informed about the latest Unauthenticated WP APR 2024 - WP Security Circumvention, identified and reported publicly. It is a +17% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these unrestricted access cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the Unauthenticated WP APR 2024 category:
| AI Engine: ChatGPT Chatbot | Unauthenticated Cross-Site Scripting (XSS) |
| Anti-Malware Security and Brute-Force Firewall | Unauthenticated Predictable Nonce BruteForce Leading to Remote Code Execution (RCE) |
| ARMember | Unauthenticated PHP Object Injection |
| Automatic | Unauthenticated Arbitrary SQL Execution |
| Automatic | Unauthenticated Arbitrary File Download and SSRF |
| Avada Theme | Unauthenticated Sensitive Information Exposure via Form Upload (BAC) Directory Listing |
| Backup and Restore WordPress | Unauthenticated Private Data Exposure |
| BetterDocs | Unauthenticated PHP Object Injection |
| Bit Form – Contact Form Plugin | Unauthenticated Insecure Direct Object Reference to Form Submission Alteration |
| BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
| BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) |
| Calculated Fields Form | Unauthenticated Cross-Site Scripting (XSS) |
| Check & Log Email | Unauthenticated Hook Injection |
| Contact Forms by Cimatti | Unauthenticated Cross-Site Scripting (XSS) |
| Create by Mediavine | Unauthenticated SQL Injection (SQLi) via 'id' |
| CRM Perks Forms | Unauthenticated SQL Injection (SQLi) |
| Database for Contact Form 7 | Unauthenticated Cross-Site Scripting (XSS) |
| Enjoy Social Feed plugin for WordPress website | Unauthenticated Arbitrary Instagram Account Unlinking |
| EventPrime | Unauthenticated Cross-Site Scripting (XSS) |
| Everest Forms | Unauthenticated ServerSide Request Forgery via font_url |
| Extensions For CF7 | Unauthenticated Cross-Site Scripting (XSS) |
| Finale Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
| Giveaways and Contests by RafflePress | Unauthenticated Cross-Site Scripting (XSS) |
| HT Easy GA4 ( Google Analytics 4 ) | Missing Authorization (BAC) to Unauthenticated GA Email Update (BAC) |
| Malware Scanner | Unauthenticated Privilege Escalation |
| Network Summary | Unauthenticated SQL Injection (SQLi) |
| Newsmatic Theme | Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content |
| NextMove Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
| Order Tip for WooCommerce | Missing Authorization (BAC) to Unauthenticated Data Export |
| Otter Blocks PRO | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| Pie Register | Unauthenticated Arbitrary File Upload (BAC) |
| Radio Player | Unauthenticated Broken Access Control |
| Seriously Simple Podcasting | Unauthenticated Administrator Email Private Information Disclosure |
| Simple Ajax Chat | Unauthenticated Cross-Site Scripting (XSS) |
| Simple Job Board | Unauthenticated PHP Object Injection via Job Application Fields |
| Simple Membership | Unauthenticated Cross-Site Scripting (XSS) |
| SportsPress – Sports Club & League Manager | Missing Authorization (BAC) to Unauthenticated Event Permalink Update (BAC) |
| Ultimate Gift Cards For WooCommerce | Missing Authorization (BAC) to Unauthenticated Information Exposure |
| Ultimate Member | Unauthenticated Cross-Site Scripting (XSS) |
| User Registration | Unauthenticated Cross-Site Scripting (XSS) |
| Web Application Firewall – website security | Unauthenticated Privilege Escalation |
| Website Article Monetization By MageNet | Unauthenticated Cross-Site Scripting (XSS) |
| weForms | Unauthenticated Cross-Site Scripting (XSS) via Referer |
| Wholesale For WooCommerce | Unauthenticated Private Data Exposure |
| WholesaleX | Unauthenticated Privilege Escalation |
| WholesaleX | Unauthenticated PHP Object Injection |
| WooCommerce Cloak Affiliate Links | Missing Authorization (BAC) to Unauthenticated Permalink Modification |
| WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Unauthenticated Cross-Site Scripting (XSS) |
| WP Compress – Image Optimizer [All-In-One] | Missing Authorization (BAC) to Unauthenticated CDN Modification |
| WP Migrate | Unauthenticated PHP Object Injection |
| Wp Social | Missing Authorization (BAC) to Unauthenticated Social Login/Share Status Update (BAC) |
| WP Statistics | Unauthenticated Cross-Site Scripting (XSS) |
| WP Travel Engine | Unauthenticated SQL Injection (SQLi) |
| Youzify Buddypress Moderation | Unauthenticated Cross-Site Scripting (XSS) |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 129 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.
