Unauthenticated WP DEC 2024 – 59 Security Abuses

Sponsored by:

Order a managed WooCommerce bundle: security, maintenance, speed, backup and monitoring. Managed for you on your domain, inside your hosting account, in your country. Each recurring service costs the price of a single coffee from your local barista, per week.

Be informed about the latest Unauthenticated WP DEC 2024 cases: WP security circumvention, identified and reported publicly. December's count is a 44% INCREASE over the previous month, and every case is one where an attacker gets around existing security without logging in. For your online safety, consider a managed WP/Woo security AUDIT, or switching to a TOP10LIST alternative WP security plugin, or hiring professionals for managed security.

Contact your online project manager:

Order managed services

Fast forward 2-3 years: your business is on autopilot, yet you are in control. Your 3rd party integrations still work, your partners and your customers are happy.

There hasn’t been a crisis or “online emergency” in ages, and all your reports are OK and green. Whimsical? The future is already here. Step into your future today.

Unauthenticated WP DEC 2024

If any of these publicly reported vulnerable plugins is installed on your domain, the flaw below is reachable by anyone, with no account at all, which opens Pandora's box from a security point of view. The following cases made headlines PUBLICLY just last month in the Unauthenticated WP DEC 2024 category:

Activity Log Unauthenticated Cross-Site Scripting (XSS) from Event Context
Advanced Order Export For WooCommerce Unauthenticated PHP Object Injection (BAC)
Anonymous Restricted Content Unauthenticated Content Restriction Bypass (BAC) to Private Information Exposure
AppPresser Unauthenticated Privilege Escalation (BAC) from Password Reset
Automation By Autonami Unauthenticated SQL Injection (SQLi)
Backup and Staging by WP Time Capsule Unauthenticated Arbitrary File Upload (BAC)
Blogger 301 Redirect Unauthenticated SQL Injection (SQLi)
Booking calendar, Appointment Booking System Unauthenticated Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Category Ajax Filter Unauthenticated Local File Inclusion (LFi)
CE21 Suite Missing Authorization (BAC) to Unauthenticated Plugin Settings Change (BAC)
Chartify Unauthenticated Local File Inclusion (LFi) from source
Clone Unauthenticated PHP Object Injection (BAC) from 'recursive_unserialized_replace'
Contest Gallery Unauthenticated SQL Injection (SQLi)
Contest Gallery Unauthenticated Arbitrary Password Reset (BAC) to Privilege Escalation (BAC) and Account Takeover (BAC)
Debug Tool Unauthenticated Arbitrary File Creation (BAC)
FluentSMTP Unauthenticated PHP Object Injection (BAC)
GamiPress Unauthenticated Arbitrary Shortcode Execution (BAC) from gamipress_get_user_earnings
Hash Elements Missing Authorization (BAC) to Unauthenticated Draft Post Title Exposure
Hide Links Unauthenticated Shortcode Execution (BAC)
Hustle Missing Authorization (BAC) to Unauthorized Form Submission
Jobify - Job Board WordPress Theme Unauthenticated Arbitrary File Read (BAC)
JobSearch Unauthenticated Arbitrary File Upload (BAC)
Luna Web Radio Player Unauthenticated Arbitrary File Read (BAC)
MP3 Sticky Player Unauthenticated Arbitrary File Read (BAC) and Download (BAC)
My Contador lesr Missing Authorization (BAC) to Unauthenticated User Registration CSV Export (BAC)
Otter - Gutenberg Block Unauthenticated Path Traversal (BAC) to Arbitrary Image View
Paid Member Subscriptions Unauthenticated Arbitrary Shortcode Execution (BAC)
Popup box Missing Authorization (BAC) to Unauthenticated Options Update (BAC)
ProfilePress Unauthenticated Content Restriction Bypass (BAC) to Private Information Exposure
Quform Unauthenticated Private Information Exposure
RegistrationMagic Unauthenticated Privilege Escalation (BAC) from Password Recovery
Registrations for the Events Calendar Unauthenticated Cross-Site Scripting (XSS)
Request a Quote for WooCommerce and Elementor Unauthenticated Arbitrary Shortcode Execution (BAC) from fire_contact_form
School Management Unauthenticated Arbitrary File Upload (BAC)
Security & Malware scan by CleanTalk Authorization Bypass (BAC) from Reverse DNS Spoofing to Unauthenticated SQL Injection (SQLi)
Simple Membership Exposure of Private Personal Information to an Unauthorized Actor
System Dashboard Unauthenticated Cross-Site Scripting (XSS)
Tickera Unauthenticated Arbitrary Shortcode Execution (BAC)
Tutor LMS Unauthenticated SQL Injection (SQLi) from rating_filter
Tutor LMS User Registration Setting Bypass (BAC) to Unauthorized User Registration (BAC)
Uix Slideshow Unauthenticated Arbitrary Shortcode Execution (BAC)
User Extra Fields Unauthenticated Arbitrary File Upload (BAC)
User Extra Fields Unauthenticated Arbitrary File Deletion (BAC)
Video Gallery for WooCommerce Missing Authorization (BAC) to Unauthenticated File Deletion (BAC)
WooCommerce Product Table Lite Unauthenticated Arbitrary Shortcode Execution (BAC) & Cross-Site Scripting (XSS)
WooCommerce Support Ticket System Unauthenticated Arbitrary File Deletion (BAC)
WooCommerce Support Ticket System Unauthenticated Arbitrary File Upload (BAC)
WooCommerce Upload Files Unauthenticated Arbitrary File Upload (BAC)
WOOCS – WooCommerce Currency Switcher Unauthenticated Arbitrary Shortcode Execution (BAC)
WordPress GDPR & CCPA Missing Authorization (BAC) to Unauthenticated Arbitrary User Deletion (BAC)
WordPress GDPR & CCPA Unauthenticated Cross-Site Scripting (XSS)
WP Activity Log Unauthenticated Cross-Site Scripting (XSS)
WP Membership Unauthenticated Arbitrary File Upload (BAC)
WP Photo Album Plus Unauthenticated Arbitrary Shortcode Execution (BAC) from getshortcodedrenderedfenodelay
WP Project Manager Insecure Direct Object Reference (IDOR) to Unauthenticated Authorization Bypass (BAC)
WPB Popup for Contact Form 7 Unauthenticated Arbitrary Shortcode Execution (BAC) from wpb_pcf_fire_contact_form
WPGYM Unauthenticated Arbitrary File Upload (BAC)
WPLMS Theme Unauthenticated Arbitrary File Read (BAC) and Deletion (BAC)
WPvivid Backup and Migration Unauthenticated PHP Object Injection (BAC)

Unauthenticated WordPress vulnerabilities reported publicly in 2023: 235
Unauthenticated WordPress vulnerabilities reported publicly in 2024: 568
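The shape that recurs most often in the list above is an endpoint reachable with no session that trusts request input: the "Missing Authorization (BAC)" entries and the "Unauthenticated Arbitrary Shortcode Execution (BAC) from fire_contact_form"-style entries. The following is an added illustration written for this page, not code from any plugin named above: the eq_ prefix, the action names, the option name and the [eq_form] shortcode are all hypothetical. It shows the vulnerable handler shape next to its hardened form, plus the capability check a privileged action needs on top.

```php
<?php
/**
 * Plugin Name: Example Quote Form (hypothetical, added illustration)
 *
 * Not code from any plugin listed on this page. The eq_ prefix, the action
 * names, the option name and the [eq_form] shortcode are assumptions.
 * Drop it into wp-content/plugins/example-quote/ on a disposable install.
 */

/* ---------- Vulnerable shape ----------
 * wp_ajax_nopriv_* exposes the callback to any visitor with no session.
 * The callback trusts a request parameter and hands it to do_shortcode(),
 * so the caller decides which shortcode runs and with which attributes:
 * the "Unauthenticated Arbitrary Shortcode Execution (BAC)" class above.
 * Registered under a _v1 action only so both shapes fit in one file;
 * in anything real these two lines simply do not exist.
 */
function eq_fire_form_vulnerable() {
	$form = isset( $_POST['form'] ) ? wp_unslash( $_POST['form'] ) : '';
	echo do_shortcode( $form ); // attacker-chosen, e.g. a shortcode from another plugin
	wp_die();
}
add_action( 'wp_ajax_nopriv_eq_fire_form_v1', 'eq_fire_form_vulnerable' );
add_action( 'wp_ajax_eq_fire_form_v1', 'eq_fire_form_vulnerable' );

/* ---------- Hardened shape ----------
 * The form stays public (no login), but:
 *  1. the request must carry a nonce issued with the page that rendered the form;
 *  2. the only caller-controlled value is an integer id;
 *  3. the id is checked against a list the site owner maintains;
 *  4. the shortcode tag is fixed in code, so do_shortcode() never sees raw input.
 */
function eq_fire_form_hardened() {
	check_ajax_referer( 'eq_fire_form', 'nonce' ); // sends 403 and stops on failure

	$form_id = isset( $_POST['form_id'] ) ? absint( $_POST['form_id'] ) : 0;
	$allowed = array_map( 'absint', (array) get_option( 'eq_public_form_ids', array() ) );
	if ( 0 === $form_id || ! in_array( $form_id, $allowed, true ) ) {
		wp_send_json_error( array( 'message' => 'Unknown form' ), 404 );
	}

	$html = do_shortcode( sprintf( '[eq_form id="%d"]', $form_id ) );
	wp_send_json_success( array( 'html' => $html ) );
}
add_action( 'wp_ajax_nopriv_eq_fire_form', 'eq_fire_form_hardened' );
add_action( 'wp_ajax_eq_fire_form', 'eq_fire_form_hardened' );

/* A privileged action gets a capability check on top of the nonce and no
 * nopriv registration at all: this is what the "Missing Authorization (BAC)
 * to Options Update" entries above lack.
 */
function eq_save_settings() {
	check_ajax_referer( 'eq_save_settings', 'nonce' );
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
	}
	$ids = isset( $_POST['form_ids'] ) ? (array) wp_unslash( $_POST['form_ids'] ) : array();
	update_option( 'eq_public_form_ids', array_filter( array_map( 'absint', $ids ) ) );
	wp_send_json_success();
}
add_action( 'wp_ajax_eq_save_settings', 'eq_save_settings' );

/* The fixed shortcode the hardened handler renders. */
add_shortcode( 'eq_form', function ( $atts ) {
	$atts = shortcode_atts( array( 'id' => 0 ), $atts, 'eq_form' );
	return '<form class="eq-form" data-form-id="' . esc_attr( absint( $atts['id'] ) ) . '"></form>';
} );

/* Hand the nonce to the front-end script that posts the form. */
function eq_enqueue_assets() {
	wp_enqueue_script( 'eq-form', plugins_url( 'form.js', __FILE__ ), array(), '1.0', true );
	wp_localize_script( 'eq-form', 'eqForm', array(
		'ajaxUrl' => admin_url( 'admin-ajax.php' ),
		'nonce'   => wp_create_nonce( 'eq_fire_form' ),
	) );
}
add_action( 'wp_enqueue_scripts', 'eq_enqueue_assets' );
```

Against the vulnerable registration, a plain POST of `action=eq_fire_form_v1` with a `form` field to `/wp-admin/admin-ajax.php` needs no cookie at all. The same request to the hardened action fails `check_ajax_referer()` before any shortcode runs, and even with a valid nonce the caller can only pick an id the site owner has whitelisted.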
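To see which of the listed plugins are on a site at all, an added triage helper (hypothetical, not from ultrai.ae or from any plugin above) can cross-check the list against the site's own inventory. It reads the JSON that `wp plugin list --fields=name,title,status,version --format=json` prints, extracts the plugin name from each entry in the format used above, and reports installed plugins whose title matches. Inventory titles can differ from the names used in the list (and a short name such as "Activity Log" will also match "WP Activity Log"), so a hit is a lead to verify against the plugin's changelog, not a verdict. The entries below are a subset; paste the whole list to check all 59.

```php
<?php
/**
 * Added triage helper, hypothetical: not code from ultrai.ae or any listed plugin.
 * Usage on the site's host:
 *
 *   wp plugin list --fields=name,title,status,version --format=json | php triage.php
 *
 * Exit code 2 when at least one listed plugin is installed, so a cron job can alert.
 */

// Subset of the entries above; paste the full list here to check all 59.
$entries = [
	'Activity Log Unauthenticated Cross-Site Scripting (XSS) from Event Context',
	'FluentSMTP Unauthenticated PHP Object Injection (BAC)',
	'Tutor LMS Unauthenticated SQL Injection (SQLi) from rating_filter',
	'WP Activity Log Unauthenticated Cross-Site Scripting (XSS)',
	'WPvivid Backup and Migration Unauthenticated PHP Object Injection (BAC)',
];

// The plugin name is everything before the first vulnerability-class marker.
const MARKERS = [
	'Unauthenticated', 'Missing Authorization', 'Authorization Bypass',
	'Insecure Direct Object Reference', 'Exposure of Private',
	'User Registration Setting Bypass',
];

function parse_entry( string $entry ): array {
	$cut = strlen( $entry );
	foreach ( MARKERS as $marker ) {
		$pos = strpos( $entry, $marker );
		if ( $pos !== false && $pos < $cut ) {
			$cut = $pos;
		}
	}
	return [ trim( substr( $entry, 0, $cut ), ' -' ), trim( substr( $entry, $cut ) ) ];
}

// Lowercase, strip punctuation, drop filler so 'WP Activity Log' ~ 'wp-activity-log'.
function normalize_name( string $name ): string {
	$tokens = preg_split( '/[^a-z0-9]+/', strtolower( $name ), -1, PREG_SPLIT_NO_EMPTY );
	$filler = [ 'the', 'for', 'by', 'and', 'plugin', 'wordpress', 'theme' ];
	return implode( ' ', array_values( array_diff( $tokens, $filler ) ) );
}

// Whole-word containment in either direction; deliberately loose.
function names_match( string $a, string $b ): bool {
	$a = ' ' . normalize_name( $a ) . ' ';
	$b = ' ' . normalize_name( $b ) . ' ';
	if ( trim( $a ) === '' || trim( $b ) === '' ) {
		return false;
	}
	return strpos( $b, $a ) !== false || strpos( $a, $b ) !== false;
}

$inventory = json_decode( stream_get_contents( STDIN ), true );
if ( ! is_array( $inventory ) ) {
	fwrite( STDERR, "expected a JSON array from wp plugin list\n" );
	exit( 1 );
}

$hits = 0;
foreach ( $inventory as $plugin ) {
	$title = $plugin['title'] ?? $plugin['name'] ?? '';
	foreach ( $entries as $entry ) {
		[ $name, $issue ] = parse_entry( $entry );
		if ( names_match( $name, $title ) ) {
			$hits++;
			printf( "%-8s %-10s %-40s %s\n", $plugin['status'] ?? '?', $plugin['version'] ?? '?', $title, $issue );
		}
	}
}
exit( $hits > 0 ? 2 : 0 );
```

A hit tells you a listed plugin is present, not that the installed version is the affected one: compare the reported version with the plugin's changelog, and treat an inactive plugin as still worth removing, since its files stay on disk.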
A cup of coffee makes a difference ...

How wonderful it would be to simply let others take care of your chores. We absolutely understand why you would want that, which is why we propose this unique campaign: the price of a premium cup of coffee per week for your first managed service. Start by contacting us with your selections.

ultrai.ae managed online administration © 2023 - 2025 – All rights reserved
We’re on an empowering mission for customers, who desire not to be transformed forcefully into IT experts.