Stay informed about the latest Unauthenticated WP vulnerabilities for May 2024 (WP security circumvention), identified and reported publicly. This is a +19% increase compared to the previous month, and these cases specifically go around existing security controls. For your online safety, consider a managed WP/Woo security audit, switching to an alternative WP security plugin from our TOP10LIST, or hiring professionals for managed security.
If any of these unrestricted-access cases from publicly reported vulnerable plugins is present on your domain, it opens Pandora's box from a security point of view. The following cases made headlines publicly just last month in the Unauthenticated WP May 2024 category:
| Plugin / Theme | Vulnerability |
|---|---|
| BackWPup | Unauthenticated Backup Download (BAC) |
| Barcode Scanner with Inventory & Order Manager | Unauthenticated Broken Access Control (BAC) |
| Barcode Scanner with Inventory & Order Manager | Unauthenticated Privilege Escalation (BAC) |
| Bricksforge | Unauthenticated Arbitrary Email Sending |
| Bricksforge | Unauthenticated Arbitrary WordPress Setting Deletion (BAC) |
| Bricksforge | Unauthenticated Arbitrary WordPress Settings Change |
| Citadela Listing | Unauthenticated Private Data Exposure |
| Contact Form Entries | Unauthenticated Cross-Site Scripting (XSS) |
| Customily Product Personalizer | Unauthenticated Cross-Site Scripting (XSS) |
| Demo My WordPress | Unauthenticated Privilege Escalation (BAC) |
| EleForms | Unauthenticated Cross-Site Scripting (XSS) |
| Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
| Essential Addons for Elementor | Unauthenticated Private Information Exposure |
| Essential Grid | Unauthenticated Private Post Disclosure |
| Forminator | Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC) |
| InstaWP Connect | Unauthenticated Arbitrary File Upload (BAC); patch priority: high; fixed |
| Language Translate Widget for WordPress – ConveyThis | Unauthenticated Cross-Site Scripting (XSS) via api_key |
| LayerSlider | Unauthenticated SQL Injection (SQLi) |
| LoginPress Pro | Unauthenticated License Activation/Deactivation (BAC) |
| Mailster | Unauthenticated Local File Inclusion (LFI) |
| MasterStudy LMS | Unauthenticated Local File Inclusion (LFI) via modal |
| MasterStudy LMS | Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action |
| MasterStudy LMS | Unauthenticated Local File Inclusion (LFI) via template |
| Max Addons Pro for Bricks | Unauthenticated Plugin Settings Reset |
| NextGEN Gallery | Missing Authorization (BAC) to Unauthenticated Information Disclosure |
| OrderConvo | Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC) |
| Piotnet Addons For Elementor Pro | Unauthenticated Arbitrary Post/Page Deletion (BAC) |
| Piotnet Addons For Elementor Pro | Unauthenticated Server-Side Request Forgery (SSRF) |
| Poll Maker | Missing Authorization (BAC) to Unauthenticated Private Email Enumeration |
| Poll Maker | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
| Post Grid | Unauthenticated Password Protected Posts Access (BAC) |
| PPOM for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) via ppom_Upload_file |
| Realtyna Organic IDX plugin | Unauthenticated SQL Injection (SQLi) |
| Rehub Theme | Unauthenticated Local File Inclusion (LFI) |
| Relevanssi | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
| Relevanssi | Unauthenticated Second Order CSV Injection |
| Relevanssi Premium | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
| Relevanssi Premium | Unauthenticated Second Order CSV Injection |
| Royal Elementor Addons | Unauthenticated Limited File Upload (BAC) |
| Salon booking system | Unauthenticated Cross-Site Scripting (XSS) |
| Sharkdropship for AliExpress Dropship and Affiliate | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
| Simple Buttons Creator | Unauthenticated Cross-Site Scripting (XSS) |
| Simple Registration for WooCommerce | Unauthenticated Privilege Escalation (BAC) |
| Social Pug | Unauthenticated Password Protected Posts Access (BAC) |
| Soledad Theme | Unauthenticated Broken Access Control (BAC) |
| User Registration | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
| Wholesale For WooCommerce | Unauthenticated Arbitrary Post/Page |
| WooCommerce PDF Invoices & Packing Slips | Unauthenticated Server-Side Request Forgery (SSRF) |
| WooCommerce PDF Invoices & Packing Slips | Unauthenticated Cross-Site Scripting (XSS) |
| WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Missing Authorization (BAC) to Unauthenticated Settings Reset |
| WOOCS – WooCommerce Currency Switcher | Unauthenticated Arbitrary Shortcode Execution |
| WP Cookie Notice for PDPA, CCPA & ePrivacy Consent | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
| WP ERP | Unauthenticated Cross-Site Scripting (XSS) |
| WP Members | Unauthenticated Cross-Site Scripting (XSS) |
| WP Meta SEO | Unauthenticated Cross-Site Scripting (XSS) via Referer header |
| WZone | Unauthenticated Broken Access Control (BAC) |
| WZone | Unauthenticated SQL Injection (SQLi) |
| XStore Core | Unauthenticated PHP Object Injection |
| XStore Core | Unauthenticated Privilege Escalation (BAC) |
| XStore Core | Unauthenticated SQL Injection (SQLi) |
| XStore Theme | Unauthenticated Broken Access Control (BAC) |
| XStore Theme | Unauthenticated Local File Inclusion (LFI) |
| XStore Theme | Unauthenticated SQL Injection (SQLi) |
| Z Y N I T H | Unauthenticated Cross-Site Scripting (XSS) |
| Year | Unauthenticated WordPress vulnerabilities reported |
|---|---|
| 2023 | 235 |
| 2024 | 193 |
How wonderful would it be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections: