Unauthenticated WP AUG 2024 – 68 Security Abuse

Stay informed about the latest publicly identified and reported cases in the Unauthenticated WP AUG 2024 category (WP security circumvention, meaning issues that specifically go around existing security). This is a 24% increase compared to the previous month. For your online safety, consider a managed WP/Woo security audit, switching to an alternative WP security plugin from the TOP10LIST, or hiring professionals for managed security.

Fast forward 2-3 years: your business is on autopilot, yet you are in control. Your 3rd party integrations still work, your partners and your customers are happy.

There hasn’t been a crisis or “online emergency” in ages, and all your reports are OK and green. Whimsical? The future is already here. Step into your future today.

Unauthenticated WP AUG 2024

When one of these publicly reported vulnerable plugins is on your domain, the unrestricted access it allows opens Pandora’s box from a security point of view. The following cases made headlines publicly just last month in the Unauthenticated WP AUG 2024 category:

Add Admin CSS Unauthenticated Full Path Disclosure (BAC)
Add Admin JavaScript Unauthenticated Full Path Disclosure (BAC)
Addonify Unauthenticated Full Path Disclosure (BAC)
Admin Post Navigation Unauthenticated Full Path Disclosure (BAC)
Admin Trim Interface Unauthenticated Full Path Disclosure (BAC)
AForms Unauthenticated Full Path Disclosure (BAC)
Aramex Shipping WooCommerce Unauthenticated Full Path Disclosure (BAC)
BerqWP Unauthenticated Non-Blind Server-Side Request Forgery (SSRF)
Branda Unauthenticated Full Path Disclosure (BAC)
Bug Library Unauthenticated Remote Code Execution (RCE)
Campaign Monitor for WordPress Unauthenticated Full Path Disclosure (BAC)
CZ Loan Management Unauthenticated SQL Injection (SQLi)
Donation Block For PayPal Unauthenticated Cross-Site Scripting (XSS)
Easy Pixels Unauthenticated Cross-Site Scripting (XSS)
Elements kit Elementor addons Unauthenticated Private Information Exposure via ekit_widgetarea_content Function
EventON Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC)
Filter & Grids Unauthenticated Local File Inclusion (LFi)
FormLift for Infusionsoft Web Forms Unauthenticated SQL Injection (SQLi)
FULL Customer Unauthenticated Cross-Site Scripting (XSS) via License Plan Parameter
Glossary Unauthenticated Full Path Disclosure (BAC)
Goya Theme Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters
Gravity Forms: Multiple Form Instances Unauthenticated Full Path Disclosure (BAC)
HUSKY Unauthenticated Time-Based SQL Injection (SQLi)
Icegram Unauthenticated Message Duplication
InstaWP Connect Unauthenticated Authentication Bypass
Intelligence Unauthenticated Full Path Disclosure (BAC)
IQ Testimonials Unauthenticated Arbitrary File Upload (BAC)
Jobmonster Theme Unauthenticated Arbitrary File Deletion (BAC)
Jobmonster Theme Unauthenticated Privilege Escalation (BAC)
JSON API User Unauthenticated Privilege Escalation (BAC)
Keydatas Unauthenticated Arbitrary File Upload (BAC)
Laposta Unauthenticated Full Path Disclosure (BAC)
LearnPress Missing Authorization (BAC) to Unauthenticated User Registration Bypass
LearnPress Unauthenticated Bypass to User Registration
ListingPro Unauthenticated Local File Inclusion (LFi)
ListingPro Unauthenticated SQL Injection (SQLi)
ListingPro Theme Unauthenticated SQL Injection (SQLi)
One Click Close Comments Unauthenticated Full Path Disclosure (BAC)
Optimize images ALT Text (alt tag) & names for SEO using AI Unauthenticated Full Path Disclosure (BAC)
PayPlus Payment Gateway Unauthenticated SQL Injection (SQLi)
Piotnet Addons For Elementor Unauthenticated Private Information Exposure
Plum: Spin Wheel & Email Popup Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS)
Product Designer Missing Authorization (BAC) to Unauthenticated Arbitrary Attachment Deletion (BAC)
Product Table by WBW Unauthenticated Remote Code Execution (RCE)
Profile Builder Unauthenticated Media Upload (BAC)
Redux Framework Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS)
SchedulePress Unauthenticated Full Path Disclosure (BAC)
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer Unauthenticated Full Path Disclosure (BAC)
Social Auto Poster Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
Social Auto Poster Unauthenticated Cross-Site Scripting (XSS)
TOCHAT.BE Unauthenticated Cross-Site Scripting (XSS)
Ultimate Auction Missing Authorization (BAC) to Unauthenticated Email Creation (BAC)
Ultimate Classified Listings Unauthenticated Local File Inclusion (LFi)
User Feedback Unauthenticated Cross-Site Scripting (XSS) via Name Parameter
UsersWP Unauthenticated SQL Injection (SQLi) via 'uwp_sort_by'
VForm Unauthenticated Cross-Site Scripting (XSS)
Woffice Core Unauthenticated Broken Access Control (BAC)
Woocommerce OpenPos Unauthenticated Arbitrary File Deletion (BAC)
Woocommerce OpenPos Unauthenticated Private Data Exposure
Woocommerce OpenPos Unauthenticated SQL Injection (SQLi)
WordPress Cliengo Chatbot plugin Missing Authorization (BAC) to Unauthenticated Chatbot Settings Update (BAC)
WordPress Form Builder Plugin – Gutenberg Forms Unauthenticated Arbitrary File Upload (BAC)
WP EasyPay Missing Authorization (BAC) to Unauthenticated Service Disconnection
WP eMember Unauthenticated Cross-Site Scripting (XSS) via Member Registration
WP Meteor Page Speed Optimization Topping Unauthenticated Full Path Disclosure (BAC)
WP Popups Unauthenticated Full Path Disclosure (BAC)
WpStickyBar Unauthenticated SQL Injection (SQLi)
XCloner Backup, Restore and Migrate Unauthenticated Full Path Disclosure (BAC)

Unauthenticated WordPress cases reported in 2023: 235
Unauthenticated WordPress cases reported in 2024: 355

ultrai.ae managed online © 2023 - 2024 – All rights reserved