Discover Tuta Mail: Turn ON Privacy. Take back your data with Tuta's encrypted email, calendar and contacts.
Be informed about the latest Unauthenticated WP JUL 2024 - WP Security Circumvention, identified and reported publicly. It is a +41% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these unrestricted access cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the Unauthenticated WP JUL 2024 category:
| Advanced Contact form 7 DB | Missing Authorization (BAC) to Unauthenticated Information Disclosure (BAC) |
| Album and Image Gallery plus Lightbox | Unauthenticated Arbitrary Shortcode Execution |
| ARForms | Unauthenticated RCE |
| Authorize.net Payment Gateway For WooCommerce | Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass (BAC) |
| Bookster | Unauthenticated Appointment Status Update (BAC) (BAC) |
| Brizy – Page Builder | Unauthenticated Cross-Site Scripting (XSS) via Form |
| Canto | Unauthenticated Remote File Inclusion (LFi) (RFi) |
| Checkout Field Editor for WooCommerce (Pro) | Unauthenticated Arbitrary File Deletion (BAC) |
| CoDesigner WooCommerce Builder for Elementor | Unauthenticated PHP Object Injection |
| Consulting Elementor Widgets | Unauthenticated Local File Inclusion (LFi) |
| Contact Form 7 | Unauthenticated Open Redirect |
| Cost Calculator Builder Pro | Unauthenticated Arbitrary Email Sending |
| Dokan Pro | Unauthenticated SQL Injection (SQLi) |
| Elements kit Elementor addons | Unauthenticated Broken Access Control (BAC) |
| Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) via hash |
| Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
| Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
| FS Product Inquiry | Unauthenticated Cross-Site Scripting (XSS) |
| Ibtana | Unauthenticated Plugin Settings Update (BAC) |
| InstaWP Connect | Missing Authorization (BAC) to Unauthenticated API setup/Arbitrary Options Update (BAC) /Administrative User Creation (BAC) |
| Masterstudy Elementor Widgets | Unauthenticated Broken Access Control (BAC) |
| MegaMenu | Unauthenticated Local File Inclusion (LFi) |
| Metform Elementor Contact Form Builder | Unauthenticated Private Information Exposure |
| Music Store | Unauthenticated SQL Injection (SQLi) |
| Newsletter | Unauthenticated Cross-Site Scripting (XSS) via np |
| Online Booking & Scheduling Calendar for WordPress by vcita | Unauthenticated Cross-Site Scripting (XSS) |
| Open Graph | Unauthenticated Private Information Exposure |
| Pearl | Missing Authorization (BAC) to Unauthenticated Arbitrary Site Options Deletion (BAC) |
| phpinfo WP | Unauthenticated Data Exposure |
| Quiz Maker | Unauthenticated SQL Injection (SQLi) via 'ays_questions' |
| Salon booking system | Unauthenticated Arbitrary File Upload (BAC) |
| Scheduling Plugin – Online Booking for WordPress | Unauthenticated Plugin Settings Reset (BAC) |
| Shariff | Unauthenticated Local File Inclusion (LFi) |
| Startklar Elementor Addons | Unauthenticated Path Traversal to Arbitrary Directory Deletion (BAC) |
| Themify – WooCommerce Product Filter | Unauthenticated SQL Injection (SQLi) via conditions Parameter |
| Uncanny Automator Pro | Unauthenticated License Settings Reset (BAC) |
| Video Gallery | Unauthenticated Local File Inclusion (LFi) |
| Where I Was, Where I Will Be | Unauthenticated Remote File Inclusion (LFi) (RFi) |
| Widget Bundle | Unauthenticated Cross-Site Scripting (XSS) |
| WishList Member X | Unautenticated Plugin Settings Change Leading to Cross-Site Scripting (XSS) |
| WishList Member X | Unauthenticated Arbitrary SQL Query Execution |
| WishList Member X | Unauthenticated Database Backup Download |
| WishList Member X | Unauthenticated Denial of Service (DoS) Attack |
| WishList Member X | Unauthenticated Settings & Users Data Dump |
| WooCommerce Dropshipping | Unauthenticated Arbitrary Email Sending |
| WooCommerce Social Login | Unauthenticated PHP Object Injection |
| WordPress Picture / Portfolio / Media Gallery | Unauthenticated Server-Side Request Forgery (SSRF) |
| WP Child Theme Generator | Unauthenticated Child Theme Creation (BAC) /Activation |
| WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Unauthenticated Cross-Site Scripting (XSS) via Client-IP header |
| wpDataTables | Unauthenticated SQL Injection (SQLi) |
| WP Hotel Booking | Unauthenticated SQL Injection (SQLi) |
| WP Logs Book | Unauthenticated Cross-Site Scripting (XSS) |
| WP-Recall | Unauthenticated Payment Deletion (BAC) via delete_payment |
| WS Form LITE | Unauthenticated CSV Injection |
| WS Form Pro | Unauthenticated CSV Injection |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 287 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.