Be informed about the latest cases in the Unauthenticated WP JUL 2024 category (WP security circumvention), identified and reported publicly. This is a +41% INCREASE compared to the previous month in cases that specifically go around existing security. For your online safety, consider a managed WP/Woo security AUDIT, OR switching to a TOP10LIST alternative WP Security Plugin, OR hiring professionals for managed security.
When a publicly reported vulnerable plugin that allows this kind of unrestricted access runs on your domain, it opens Pandora's box from a security point of view. The following cases made headlines PUBLICLY just last month in the Unauthenticated WP JUL 2024 category:
Advanced Contact form 7 DB | Missing Authorization (BAC) to Unauthenticated Information Disclosure (BAC) |
Album and Image Gallery plus Lightbox | Unauthenticated Arbitrary Shortcode Execution |
ARForms | Unauthenticated RCE |
Authorize.net Payment Gateway For WooCommerce | Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass (BAC) |
Bookster | Unauthenticated Appointment Status Update (BAC) |
Brizy – Page Builder | Unauthenticated Cross-Site Scripting (XSS) via Form |
Canto | Unauthenticated Remote File Inclusion (LFi) (RFi) |
Checkout Field Editor for WooCommerce (Pro) | Unauthenticated Arbitrary File Deletion (BAC) |
CoDesigner WooCommerce Builder for Elementor | Unauthenticated PHP Object Injection |
Consulting Elementor Widgets | Unauthenticated Local File Inclusion (LFi) |
Contact Form 7 | Unauthenticated Open Redirect |
Cost Calculator Builder Pro | Unauthenticated Arbitrary Email Sending |
Dokan Pro | Unauthenticated SQL Injection (SQLi) |
Elements kit Elementor addons | Unauthenticated Broken Access Control (BAC) |
Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) via hash |
Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
FS Product Inquiry | Unauthenticated Cross-Site Scripting (XSS) |
Ibtana | Unauthenticated Plugin Settings Update (BAC) |
InstaWP Connect | Missing Authorization (BAC) to Unauthenticated API setup/Arbitrary Options Update (BAC) /Administrative User Creation (BAC) |
Masterstudy Elementor Widgets | Unauthenticated Broken Access Control (BAC) |
MegaMenu | Unauthenticated Local File Inclusion (LFi) |
Metform Elementor Contact Form Builder | Unauthenticated Private Information Exposure |
Music Store | Unauthenticated SQL Injection (SQLi) |
Newsletter | Unauthenticated Cross-Site Scripting (XSS) via np |
Online Booking & Scheduling Calendar for WordPress by vcita | Unauthenticated Cross-Site Scripting (XSS) |
Open Graph | Unauthenticated Private Information Exposure |
Pearl | Missing Authorization (BAC) to Unauthenticated Arbitrary Site Options Deletion (BAC) |
phpinfo WP | Unauthenticated Data Exposure |
Quiz Maker | Unauthenticated SQL Injection (SQLi) via 'ays_questions' |
Salon booking system | Unauthenticated Arbitrary File Upload (BAC) |
Scheduling Plugin – Online Booking for WordPress | Unauthenticated Plugin Settings Reset (BAC) |
Shariff | Unauthenticated Local File Inclusion (LFi) |
Startklar Elementor Addons | Unauthenticated Path Traversal to Arbitrary Directory Deletion (BAC) |
Themify – WooCommerce Product Filter | Unauthenticated SQL Injection (SQLi) via conditions Parameter |
Uncanny Automator Pro | Unauthenticated License Settings Reset (BAC) |
Video Gallery | Unauthenticated Local File Inclusion (LFi) |
Where I Was, Where I Will Be | Unauthenticated Remote File Inclusion (LFi) (RFi) |
Widget Bundle | Unauthenticated Cross-Site Scripting (XSS) |
WishList Member X | Unauthenticated Plugin Settings Change Leading to Cross-Site Scripting (XSS) |
WishList Member X | Unauthenticated Arbitrary SQL Query Execution |
WishList Member X | Unauthenticated Database Backup Download |
WishList Member X | Unauthenticated Denial of Service (DoS) Attack |
WishList Member X | Unauthenticated Settings & Users Data Dump |
WooCommerce Dropshipping | Unauthenticated Arbitrary Email Sending |
WooCommerce Social Login | Unauthenticated PHP Object Injection |
WordPress Picture / Portfolio / Media Gallery | Unauthenticated Server-Side Request Forgery (SSRF) |
WP Child Theme Generator | Unauthenticated Child Theme Creation (BAC) /Activation |
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Unauthenticated Cross-Site Scripting (XSS) via Client-IP header |
wpDataTables | Unauthenticated SQL Injection (SQLi) |
WP Hotel Booking | Unauthenticated SQL Injection (SQLi) |
WP Logs Book | Unauthenticated Cross-Site Scripting (XSS) |
WP-Recall | Unauthenticated Payment Deletion (BAC) via delete_payment |
WS Form LITE | Unauthenticated CSV Injection |
WS Form Pro | Unauthenticated CSV Injection |
Unauthenticated WordPress reported in 2023: | 235 |
Unauthenticated WordPress reported in 2024: | 287 |
How wonderful would it be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: a managed service for the price of one cup of coffee.
Start simply by contacting us with your selections: