Stay informed about the latest cases in the Unauthenticated WP AUG 2024 category (WP security circumvention) that were identified and reported publicly. This is a 24% increase compared to the previous month in issues that specifically go around existing security. For your online safety, consider a managed WP/Woo security audit, switching to a TOP10LIST alternative WP security plugin, or hiring professionals for managed security.
When plugins with publicly reported unrestricted-access vulnerabilities are on your domain, they open Pandora's box from a security point of view. The following cases made headlines publicly just last month in the Unauthenticated WP AUG 2024 category:
Add Admin CSS | Unauthenticated Full Path Disclosure (BAC) |
Add Admin JavaScript | Unauthenticated Full Path Disclosure (BAC) |
Addonify | Unauthenticated Full Path Disclosure (BAC) |
Admin Post Navigation | Unauthenticated Full Path Disclosure (BAC) |
Admin Trim Interface | Unauthenticated Full Path Disclosure (BAC) |
AForms | Unauthenticated Full Path Disclosure (BAC) |
Aramex Shipping WooCommerce | Unauthenticated Full Path Disclosure (BAC) |
BerqWP | Unauthenticated NonBlind Server-Side Request Forgery (SSRF) |
Branda | Unauthenticated Full Path Disclosure (BAC) |
Bug Library | Unauthenticated Remote Code Execution (RCE) |
Campaign Monitor for WordPress | Unauthenticated Full Path Disclosure (BAC) |
CZ Loan Management | Unauthenticated SQL Injection (SQLi) |
Donation Block For PayPal | Unauthenticated Cross-Site Scripting (XSS) |
Easy Pixels | Unauthenticated Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Unauthenticated Private Information Exposure via ekit_widgetarea_content Function |
EventON | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC) |
Filter & Grids | Unauthenticated Local File Inclusion (LFi) |
FormLift for Infusionsoft Web Forms | Unauthenticated SQL Injection (SQLi) |
FULL Customer | Unauthenticated Cross-Site Scripting (XSS) via License Plan Parameter |
Glossary | Unauthenticated Full Path Disclosure (BAC) |
Goya Theme | Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters |
Gravity Forms: Multiple Form Instances | Unauthenticated Full Path Disclosure (BAC) |
HUSKY | Unauthenticated TimeBased SQL Injection (SQLi) |
Icegram | Unauthenticated Message Duplication |
InstaWP Connect | Unauthenticated Authentication Bypass |
Intelligence | Unauthenticated Full Path Disclosure (BAC) |
IQ Testimonials | Unauthenticated Arbitrary File Upload (BAC) |
Jobmonster Theme | Unauthenticated Arbitrary File Deletion (BAC) |
Jobmonster Theme | Unauthenticated Privilege Escalation (BAC) |
JSON API User | Unauthenticated Privilege Escalation (BAC) |
Keydatas | Unauthenticated Arbitrary File Upload (BAC) |
Laposta | Unauthenticated Full Path Disclosure (BAC) |
LearnPress | Missing Authorization (BAC) to Unauthenticated User Registration Bypass |
LearnPress | Unauthenticated Bypass to User Registration |
ListingPro | Unauthenticated Local File Inclusion (LFi) |
ListingPro | Unauthenticated SQL Injection (SQLi) |
ListingPro Theme | Unauthenticated SQL Injection (SQLi) |
One Click Close Comments | Unauthenticated Full Path Disclosure (BAC) |
Optimize images ALT Text (alt tag) & names for SEO using AI | Unauthenticated Full Path Disclosure (BAC) |
PayPlus Payment Gateway | Unauthenticated SQL Injection (SQLi) |
Piotnet Addons For Elementor | Unauthenticated Private Information Exposure |
Plum: Spin Wheel & Email Popup | Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
Product Designer | Missing Authorization (BAC) to Unauthenticated Arbitrary Attachment Deletion (BAC) |
Product Table by WBW | Unauthenticated Remote Code Execution (RCE) |
Profile Builder | Unauthenticated Media Upload (BAC) |
Redux Framework | Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS) |
SchedulePress | Unauthenticated Full Path Disclosure (BAC) |
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer | Unauthenticated Full Path Disclosure (BAC) |
Social Auto Poster | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
Social Auto Poster | Unauthenticated Cross-Site Scripting (XSS) |
TOCHAT.BE | Unauthenticated Cross-Site Scripting (XSS) |
Ultimate Auction | Missing Authorization (BAC) to Unauthenticated Email Creation (BAC) |
Ultimate Classified Listings | Unauthenticated Local File Inclusion (LFi) |
User Feedback | Unauthenticated Cross-Site Scripting (XSS) via Name Parameter |
UsersWP | Unauthenticated SQL Injection (SQLi) via 'uwp_sort_by' |
VForm | Unauthenticated Cross-Site Scripting (XSS) |
Woffice Core | Unauthenticated Broken Access Control (BAC) |
Woocommerce OpenPos | Unauthenticated Arbitrary File Deletion (BAC) |
Woocommerce OpenPos | Unauthenticated Private Data Exposure |
Woocommerce OpenPos | Unauthenticated SQL Injection (SQLi) |
WordPress Cliengo Chatbot plugin | Missing Authorization (BAC) to Unauthenticated Chatbot Settings Update (BAC) |
WordPress Form Builder Plugin – Gutenberg Forms | Unauthenticated Arbitrary File Upload (BAC) |
WP EasyPay | Missing Authorization (BAC) to Unauthenticated Service Disconnection |
WP eMember | Unauthenticated Cross-Site Scripting (XSS) via Member Registration |
WP Meteor Page Speed Optimization Topping | Unauthenticated Full Path Disclosure (BAC) |
WP Popups | Unauthenticated Full Path Disclosure (BAC) |
WpStickyBar | Unauthenticated SQL Injection (SQLi) |
XCloner Backup, Restore and Migrate | Unauthenticated Full Path Disclosure (BAC) |
Unauthenticated WordPress cases reported in 2023: | 235 |
Unauthenticated WordPress cases reported in 2024: | 355 |
How wonderful would it be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections: