Stay informed about the latest Unauthenticated WP JUN 2024 - WP Security Circumvention cases that were identified and reported publicly. The count is a 39% decrease compared to the previous month. These cases specifically go around existing security. For your online safety, consider a managed WP/Woo security audit, or switching to an alternative WP security plugin from the TOP10LIST, or hiring professionals for managed security.
When publicly reported vulnerable plugins with these unrestricted-access cases are on your domain, it opens Pandora's box from a security point of view. The following cases in the Unauthenticated WP JUN 2024 category made headlines publicly just last month:
Atarim | Unauthenticated Cross-Site Scripting (XSS) |
Back In Stock Notifier for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Booster for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Business Directory Plugin | Unauthenticated SQL Injection (SQLi) via listingfields Parameter |
Contact Form by WPForms | Unauthenticated Price Manipulation (BAC) |
Copymatic – AI Content Writer & Generator | Unauthenticated Arbitrary File Upload (BAC) |
Cost Calculator Builder Pro | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Country State City Dropdown CF7 | Unauthenticated SQL Injection (SQLi) |
Email Log | Unauthenticated Hook Injection |
Flash & HTML5 Video | Unauthenticated SQL Injection (SQLi) |
Gravity Forms Unique ID | Unauthenticated Form Submission Unique ID Modification |
Hash Form – Drag & Drop Form Builder | Unauthenticated Arbitrary File Upload (BAC) to Remote Code Execution (RCE) |
Hash Form – Drag & Drop Form Builder | Unauthenticated PHP Object Injection |
Hotel Booking Lite | Unauthenticated PHP Object Injection |
Last Viewed Posts by WPBeginner | Unauthenticated PHP Object Injection |
LearnPress | Unauthenticated Bypass (BAC) to User Registration |
LearnPress | Unauthenticated Time-Based SQL Injection (SQLi) |
NextScripts | Unauthenticated Cross-Site Scripting (XSS) via User Agent |
Orders Tracking for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Penci Soledad Data Migrator | Unauthenticated Local File Inclusion (LFi) |
Popup4Phone | Unauthenticated Cross-Site Scripting (XSS) |
Porto Theme | Unauthenticated Local File Inclusion (LFi) via porto_ajax_posts |
Simple Basic Contact Form | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Slider Revolution | Unauthenticated Broken Access Control (BAC) |
SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress | Unauthenticated Private Keys Access |
Startklar Elementor Addons | Unauthenticated Arbitrary File Deletion |
Startklar Elementor Addons | Unauthenticated Arbitrary File Upload (BAC) |
Stockholm Theme | Unauthenticated Local File Inclusion (LFi) |
Swift Framework | Missing Authorization (BAC) to Unauthenticated Arbitrary Content Update |
Userpro | Unauthenticated Account Takeover |
Web Directory Free | Unauthenticated SQL Injection (SQLi) |
WPCafe | Unauthenticated Server-Side Request Forgery (SSRF) |
wpDataTables | Unauthenticated Cross-Site Scripting (XSS) via CSV Import |
WP Photo Album Plus | Unauthenticated Arbitrary Shortcode Execution (BAC) |
WP Photo Album Plus | Unauthenticated Arbitrary File Upload (BAC) |
WPZOOM Addons for Elementor (Templates, Widgets) | Unauthenticated Local File Inclusion (LFi) |
XML Sitemap & Google News | Unauthenticated Local File Inclusion (LFi) |
YITH WooCommerce Ajax Search | Unauthenticated Cross-Site Scripting (XSS) |
YITH WooCommerce Gift Cards | Multiple BAC - Missing Authorization to Unauthenticated WooCommerce Settings Update |
Unauthenticated WordPress cases reported in 2023: | 235 |
Unauthenticated WordPress cases reported in 2024: | 232 |
How wonderful would it be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: a managed service for the price of one cup of coffee.