Unauthenticated WP MAY 2024 – 64 Security Abuse


Stay informed about the latest unauthenticated WordPress security-circumvention issues, identified and publicly reported in May 2024. This is a 19% increase compared to the previous month in issues that specifically go around existing security. For your online safety, consider a managed WP/Woo security audit, switching to an alternative WP security plugin from the TOP10LIST, or hiring professionals for managed security.


Unauthenticated WP MAY 2024

When these unrestricted-access cases from publicly reported vulnerable plugins are present on your domain, they open a Pandora’s box from a security point of view. The following cases made headlines publicly just last month in the Unauthenticated WP MAY 2024 category:

BackWPup Unauthenticated Backup Download (BAC)
Barcode Scanner with Inventory & Order Manager Unauthenticated Broken Access Control (BAC)
Barcode Scanner with Inventory & Order Manager Unauthenticated Privilege Escalation (BAC)
Bricksforge Unauthenticated Arbitrary Email Sending
Bricksforge Unauthenticated Arbitrary WordPress Setting Deletion (BAC)
Bricksforge Unauthenticated Arbitrary WordPress Settings Change
Citadela Listing Unauthenticated Private Data Exposure
Contact Form Entries Unauthenticated Cross-Site Scripting (XSS)
Customily Product Personalizer Unauthenticated Cross-Site Scripting (XSS)
Demo My WordPress Unauthenticated Privilege Escalation (BAC)
EleForms Unauthenticated Cross-Site Scripting (XSS)
Email Subscribers & Newsletters Unauthenticated SQL Injection (SQLi)
Essential Addons for Elementor Unauthenticated Private Information Exposure
Essential Grid Unauthenticated Private Post Disclosure
Forminator Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC)
InstaWP Connect Unauthenticated Arbitrary File Upload (BAC) (patch priority: high; fixed)
Language Translate Widget for WordPress – ConveyThis Unauthenticated Cross-Site Scripting (XSS) via api_key
LayerSlider Unauthenticated SQL Injection (SQLi)
LoginPress Pro Unauthenticated License Activation/Deactivation (BAC)
Mailster Unauthenticated Local File Inclusion (LFi)
MasterStudy LMS Unauthenticated Local File Inclusion (LFi) via modal
MasterStudy LMS Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action
MasterStudy LMS Unauthenticated Local File Inclusion (LFi) via template
Max Addons Pro for Bricks Unauthenticated Plugin Settings Reset
NextGEN Gallery Missing Authorization (BAC) to Unauthenticated Information Disclosure
OrderConvo Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC)
Piotnet Addons For Elementor Pro Unauthenticated Arbitrary Post/Page Deletion (BAC)
Piotnet Addons For Elementor Pro Unauthenticated Server-Side Request Forgery (SSRF)
Poll Maker Missing Authorization (BAC) to Unauthenticated Private Email Enumeration
Poll Maker Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS)
Post Grid Unauthenticated Password Protected Posts Access (BAC)
PPOM for WooCommerce Unauthenticated Arbitrary File Upload (BAC) via ppom_upload_file
Realtyna Organic IDX plugin Unauthenticated SQL Injection (SQLi)
Rehub Theme Unauthenticated Local File Inclusion (LFi)
Relevanssi Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Relevanssi Unauthenticated Second Order CSV Injection
Relevanssi Premium Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Relevanssi Premium Unauthenticated Second Order CSV Injection
Royal Elementor Addons Unauthenticated Limited File Upload (BAC)
Salon booking system Unauthenticated Cross-Site Scripting (XSS)
Sharkdropship for AliExpress Dropship and Affiliate Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
Simple Buttons Creator Unauthenticated Cross-Site Scripting (XSS)
Simple Registration for WooCommerce Unauthenticated Privilege Escalation (BAC)
Social Pug Unauthenticated Password Protected Posts Access (BAC)
Soledad Theme Unauthenticated Broken Access Control (BAC)
User Registration Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC)
Wholesale For WooCommerce Unauthenticated Arbitrary Post/Page
WooCommerce PDF Invoices & Packing Slips Unauthenticated Server Side Request Forgery
WooCommerce PDF Invoices & Packing Slips Unauthenticated Cross-Site Scripting (XSS)
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Missing Authorization (BAC) to Unauthenticated Settings Reset
WOOCS – WooCommerce Currency Switcher Unauthenticated Arbitrary Shortcode Execution
WP Cookie Notice for PDPA, CCPA & ePrivacy Consent Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
WP ERP Unauthenticated Cross-Site Scripting (XSS)
WP Members Unauthenticated Cross-Site Scripting (XSS)
WP Meta SEO Unauthenticated Cross-Site Scripting (XSS) via Referer header
WZone Unauthenticated Broken Access Control (BAC)
WZone Unauthenticated SQL Injection (SQLi)
XStore Core Unauthenticated PHP Object Injection
XStore Core Unauthenticated Privilege Escalation (BAC)
XStore Core Unauthenticated SQL Injection (SQLi)
XStore Theme Unauthenticated Broken Access Control (BAC)
XStore Theme Unauthenticated Local File Inclusion (LFi)
XStore Theme Unauthenticated SQL Injection (SQLi)
Z Y N I T H Unauthenticated Cross-Site Scripting (XSS)
Unauthenticated WordPress reported in 2023: 235
Unauthenticated WordPress reported in 2024: 193
ultrai.ae managed online © 2023 - 2024 – All rights reserved