Unauthenticated WP JAN 2025

Unauthenticated WP JAN 2025 – 60 Security Abuse


Stay informed about the latest Unauthenticated WP JAN 2025 cases: WordPress security circumvention issues that were identified and reported publicly. This is a +2% increase compared to the previous month in cases that specifically go around existing security. For your online safety, consider a managed WP/Woo security audit, switching to a TOP10LIST alternative WP security plugin, or hiring professionals for managed security.


When these unrestricted-access cases from publicly reported vulnerable plugins are present on your domain, they open Pandora’s box from a security point of view. The following cases made headlines publicly just last month in the Unauthenticated WP JAN 2025 category:

Accept Authorize.NET Payments Using Contact Form 7 Unauthenticated Information Exposure
Active Products Tables for WooCommerce Unauthenticated Arbitrary Shortcode Execution (BAC) from woot_get_smth
AIO Contact Unauthenticated Plugin Settings Change (BAC)
AIO Contact Unauthenticated Site-Wide Cross-Site Scripting (XSS)
AR For WordPress Missing Authorization (BAC) to Unauthenticated Limited File Upload (BAC)
Authors List Unauthenticated Arbitrary Shortcode Execution (BAC) from update_authors_list_ajax
Beautiful Taxonomy Filters Unauthenticated SQL Injection (SQLi)
Collapsing Categories Unauthenticated SQL Injection (SQLi)
Content No Cache Unauthenticated Private Content Private Data Disclosure
Coupon Affiliates Unauthenticated Arbitrary Shortcode Execution (BAC) and Cross-Site Scripting (XSS)
Download Manager Improper Authorization (BAC) to Unauthenticated Download of Password Protected Files + Private Data
Download Manager Unauthenticated Arbitrary Shortcode Execution (BAC)
EventPrime Unauthenticated Cross-Site Scripting (XSS) from Ticket Category and Ticket Type Name
FAT Services Booking Unauthenticated SQL Injection (SQLi)
FluentForm Unauthenticated Cross-Site Scripting (XSS) from Form Subject
Frontend Admin by DynamiApps Unauthenticated SQL Injection (SQLi)
Grid Plus Unauthenticated Arbitrary Shortcode Execution (BAC) from grid_plus_load_by_category
Jetpack Unauthenticated DOM and Cross-Site Scripting (XSS)
KiviCare Unauthenticated SQL Injection (SQLi)
kk Star Ratings Unauthenticated Arbitrary Shortcode Execution (BAC)
Last Viewed Posts by WPBeginner Unauthenticated Private Data Information Exposure
MainWP Child Missing Authorization (BAC) to Unauthenticated Privilege Escalation (BAC)
Memberful Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Members Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Ninja Forms Unauthenticated Cross-Site Scripting (XSS) from Form Calculations
Page Restriction WordPress (WP) Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Paid Member Subscriptions Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
PPWP – WordPress Password Protect Page Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Print Science Designer Unauthenticated PHP Object Injection
Pubnews Theme Unauthenticated Arbitrary Plugin Installation (BAC)
Rate my Post – WP Rating System Unauthenticated Voting On Scheduled Posts
Restrict Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Revy Unauthenticated Arbitrary File Upload (BAC)
Revy Unauthenticated SQL Injection (SQLi)
Simple Link Directory Unauthenticated Arbitrary Shortcode Execution (BAC)
Simple Page Access Restriction Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Simple Restrict Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Soledad Theme Unauthenticated Limited Local File Inclusion (LFi)
Swift Performance Lite Unauthenticated Local PHP File Inclusion from 'ajaxify'
The Events Calendar Unauthenticated Password Protected Event Private Data Disclosure
TI WooCommerce Wishlist Missing Authorization (BAC) to Unauthenticated Plugin Setup Wizard Access
Traveler Unauthenticated SQL Injection (SQLi) from order_id
Verowa Connect Unauthenticated SQL Injection (SQLi)
VibeBP Unauthenticated Privilege Escalation (BAC)
VibeBP Unauthenticated SQL Injection (SQLi)
Woffice Theme Unauthenticated Account Takeover (BAC)
WooCommerce Unauthenticated Order Creation
WoodMart Unauthenticated Arbitrary Shortcode Execution (BAC)
WP Data Access Unauthenticated SQL Injection (SQLi)
WP Hide Security Enhancer Missing Authorization (BAC) to Unauthenticated Arbitrary File Contents Deletion (BAC)
WPLMS Unauthenticated SQL Injection (SQLi)
WPLMS Unauthenticated Arbitrary Directory Deletion (BAC)
WPLMS Unauthenticated Arbitrary File Upload (BAC)
WPLMS Unauthenticated Arbitrary User Token Generation
WPLMS Unauthenticated Privilege Escalation (BAC)
WPMobile.App Unauthenticated Arbitrary Shortcode Execution (BAC)
WP Private Content Plus Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
WP SuperBackup Unauthenticated Arbitrary File Upload (BAC)
WP SuperBackup Unauthenticated Arbitrary File Upload (BAC)
WP SuperBackup Unauthenticated Backup File Download (BAC)
Unauthenticated WordPress reported in 2023: 235
Unauthenticated WordPress reported in 2024: 628
Unauthenticated WordPress reported in 2025: 60
ultrai.ae managed online administration © 2023 - 2025 – All rights reserved