Discover Tuta Mail: Turn ON Privacy. Take back your data with Tuta's encrypted email, calendar and contacts.
Be informed about the latest Unauthenticated WP SEP 2024 - WP Security Circumvention, identified and reported publicly. It is a -4% DECREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these unrestricted access cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the Unauthenticated WP SEP 2024 category:
| affiliate-toolkit | Unauthenticated Full Path Dislcosure (BAC) |
| Amelia | Unauthenticated Full Path Disclosure (BAC) |
| App Builder | Unauthenticated SQL Injection (SQLi) via app-builder-search |
| Backup and Restore WordPress | Unauthenticated Broken Access Control (BAC) |
| BerqWP | Unauthenticated File Upload (BAC) |
| Bit Form Pro | Unauthenticated File Deletion (BAC) |
| Contest Gallery | Unauthenticated Comment UserID And IP address Disclosure (BAC) |
| Docket (WooCommerce Collections / Wishlist / Watchlist) | Unauthenticated Post/Page Deletion (BAC) |
| Docket (WooCommerce Collections / Wishlist / Watchlist) | Unauthenticated SQL Injection (SQLi) |
| Droip | Unauthenticated File Download/Deletion (BAC) |
| Ebook Store | Unauthenticated Full Path Disclosure (BAC) |
| Funnelforms Free | Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) and Deletion (BAC) |
| GEO my WordPress | Unauthenticated Local File Inclusion (LFi) |
| GiveWP | Missing Authorization (BAC) to Unauthenticated Event Settings Update (BAC) |
| GiveWP | Unauthenticated PHP Object Injection to Remote Code Execution (RCE) (RCE) |
| GiveWP | Unauthenticated Full Path Disclosure (BAC) |
| Grow by Tradedoubler | Unauthenticated Local File Inclusion (LFi) |
| Hide My Site | Unauthenticated Private Information Exposure |
| Icegram | Unauthenticated Private Unpublished Campaign Viewer |
| InPost for WooCommerce | Unauthenticated File Read (BAC)/Delete (BAC) |
| InPost PL | Unauthenticated File Read (BAC)/Delete (BAC) |
| JobSearch | Unauthenticated Account Takeover (BAC) |
| JS Help Desk – Best Help Desk & Support Plugin | Unauthenticated Remote Code Execution (RCE) |
| Justified Image Grid | Unauthenticated Server Side Request Forgery (SSRF) |
| Linkify Text | Unauthenticated Full Path Disclosure (BAC) |
| LiquidPoll – Advanced Polls for Creators and Brands | Unauthenticated Cross-Site Scripting (XSS) |
| LiteSpeed Cache | Unauthenticated Privilege Escalation (BAC) |
| Metform Elementor Contact Form Builder | Unauthenticated Double-Extension File Upload (BAC) |
| Mollie Payments for WooCommerce | Unauthenticated Full Path Disclosure (BAC) |
| Music Request Manager | Unauthenticated Cross-Site Scripting (XSS) |
| My Custom CSS PHP & ADS | Unauthenticated Full Path Disclosure (BAC) |
| News Element Elementor Blog Magazine | Unauthenticated Local File Inclusion (LFi) |
| Newsletters | Unauthenticated Full Path Disclosure (BAC) |
| NitroPack | Unauthenticated Shortcode Execution |
| No Update Nag | Unauthenticated Full Path Disclosure (BAC) |
| Obfuscate Email | Unauthenticated Full Path Disclosure (BAC) |
| Opal Membership | Unauthenticated Cross-Site Scripting (XSS) |
| Opti Marketing | Unauthenticated SQL Injection (SQLi) |
| PDF Builder for WPForms | Unauthenticated Full Path Disclosure (BAC) |
| Permalink Manager Lite | Missing Authorization (BAC) to Unauthenticated Private Information Exposure |
| Premium SEO Pack | Unauthenticated Private Information Exposure |
| Propovoice Pro | Unauthenticated SQL Injection (SQLi) |
| Relevanssi | Unauthenticated Private Information Exposure |
| Relevanssi Live Ajax Search | Unauthenticated WP_Query Argument Injection |
| Reveal Template | Unauthenticated Full Path Disclosure (BAC) |
| Skitter Slideshow | Unauthenticated Server-Side Request Forgery |
| SmartSearch WP | Unauthenticated SQL Injection (SQLi) |
| SmartSearch WP | Unauthenticated Cross-Site Scripting (XSS) |
| Traffic Manager | Unauthenticated Cross-Site Scripting (XSS) |
| TrueBooker | Multiple Unauthenticated SQL Injection (SQLi) |
| Ultimate Membership Pro | Unauthenticated PHP Object Injection |
| Ultimate Membership Pro | Unauthenticated Privilege Escalation (BAC) |
| WBW Product Table PRO | Unauthenticated SQL Query Execution |
| Web Directory Free | Unauthenticated Local File Inclusion (LFi) |
| Woffice Theme | Unauthenticated Privilege Escalation (BAC) |
| WooCommerce PDF Vouchers | Unauthenticated File Deletion (BAC) |
| WooCommerce PDF Vouchers | Unauthenticated Multiple Vulnerabilities |
| Woo Inquiry | Unauthenticated SQL Injection (SQLi) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) |
| wpDiscuz | Unauthenticated HTML Injection |
| wpForo Forum | Unauthenticated Private Data Exposure |
| YayExtra | Unauthenticated File Upload (BAC) via handle_Upload (BAC)_file Function |
| Z Y N I T H | Unauthenticated Option Deletion (BAC) |
| Z Y N I T H | Unauthenticated Plugin Settings Change (BAC) |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 420 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.