Stay informed about the latest WP Broken Access Control (BAC) vulnerabilities that have been identified and reported publicly. WP BAC for June 2025 shows a 53% decrease compared to the previous month. For your online safety, consider a managed security audit, switching to an alternative WP security plugin from the TOP10LIST, or hiring professionals for managed security.
If any of these publicly reported vulnerable plugins run on your domain, their unenforced access checks open Pandora's box from a security point of view. The following cases made headlines publicly just last month in the WP Broken Access Control category:
1 Click WordPress Migration | Missing Authorization (BAC) and Arbitrary File Upload (BAC) |
6Storage Rentals | Broken Access Control (BAC) |
Acerola Theme | Broken Access Control (BAC) |
Advanced File Manager | Broken Access Control (BAC) and Notice Dismissal |
AHAthat | Cross-Site Request Forgery (CSRF) and AHA Page Deletion (BAC) |
Ajar in5 Embed | Arbitrary File Upload (BAC) |
AnyWhere Elementor Pro Theme | Broken Access Control (BAC) |
BEAF | Arbitrary File Upload (BAC) |
belingoGeo | Arbitrary File Download (BAC) |
BERTHA AI | Broken Access Control (BAC) |
Blocksy Theme | Broken Access Control (BAC) |
Booking and Rental Manager | Broken Access Control (BAC) |
Bot for Telegram on WooCommerce | Broken Access Control (BAC) |
Browse As | Authentication Bypass (BAC) from Cookie |
BTEV | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
BuddyPress Platform Pro | Authentication Bypass (BAC) from Apple OAuth provider |
Bulk Featured Image | Broken Access Control (BAC) |
Calculate Prices based on Distance For WooCommerce | Broken Access Control (BAC) |
Challan | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
ClickWhale | Broken Access Control (BAC) |
Coming Soon Page, Under Construction & Maintenance Mode by SeedProd | Missing Authorization (BAC) and Private Information Exposure |
ContentStudio | Broken Access Control (BAC) |
CouponXL Theme | Privilege Escalation (BAC) |
Cozy Blocks | Broken Access Control (BAC) |
Crawlomatic Multisite Scraper Post Generator | Unauthenticated Arbitrary File Upload (BAC) |
CryptoCloud Crypto Payment Gateway | Broken Access Control (BAC) |
CSS3 Accordions for WordPress | Broken Access Control (BAC) |
CSS3 Compare Pricing Tables for WordPress | Broken Access Control (BAC) |
CSS3 Tooltips for WordPress | Broken Access Control (BAC) |
CURCY | Arbitrary Shortcode Execution (BAC) |
Custom Author Base | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
Digits | Auth Bypass (BAC) from OTP Bruteforcing |
Drag and Drop File Upload for Elementor Forms | Arbitrary File Deletion (BAC) |
Drag and Drop Multiple File Upload for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) from upload Function |
eaSYNC | PayPal Settings Update (BAC) |
Echo RSS Feed Post Generator Plugin for WordPress | Unauthenticated Arbitrary File Upload (BAC) |
EKC Tournament Manager | Arbitrary File Download (BAC) |
Element Pack Pro | Broken Access Control (BAC) |
ELEX WordPress HelpDesk & Customer Ticketing System | Arbitrary File Upload (BAC) |
eMagicOne Store Manager | Unauthenticated Arbitrary File Deletion (BAC) |
eMagicOne Store Manager | Unauthenticated Arbitrary File Read (BAC) |
eMagicOne Store Manager | Unauthenticated Arbitrary File Upload (BAC) from set_file() |
Embed and Integrate Etsy Shop | Broken Access Control (BAC) |
Envo Extra | Broken Access Control (BAC) |
Envolve Plugin | Unauthenticated Arbitrary File Upload (BAC) from language_file and fonts_file |
Envolve Plugin | Unauthenticated Language File Deletion (BAC) |
EUCookieLaw | Unauthenticated Arbitrary File Read (BAC) |
Event Calendar | Unauthenticated Arbitrary Calendar Deletion (BAC) |
Eventer | Broken Access Control (BAC) |
Eventin | Arbitrary File Download (BAC) |
Eventin | Privilege Escalation (BAC) |
EventON | Broken Access Control (BAC) |
EventON | Missing Authorization (BAC) and Cross-Site Scripting (XSS) |
EventON | Broken Access Control (BAC) |
EventPrime | Arbitrary booking Settings Update (BAC) |
Experto CTA Widget – Call and Action, Sticky CTA, Floating Button Plugin | Settings Change (BAC) |
External image replace | Arbitrary File Upload (BAC) |
Featured Image Plus | Missing Authorization (BAC) and Featured Image Update |
Flynax Bridge | Unauthenticated Privilege Escalation (BAC) |
Frontend Dashboard | Missing Authorization (BAC) and Unauthenticated Privilege Escalation (BAC) |
Frontend Dashboard | Missing Authorization (BAC) and Privilege Escalation (BAC) |
Frontend Login and Registration Blocks | Unauthenticated Privilege Escalation (BAC) from Account Takeover (BAC) |
GDPR CCPA Compliance Support | Broken Access Control (BAC) |
Graphina | Broken Access Control (BAC) |
Groundhogg | Arbitrary File Deletion (BAC) |
GS Logo Slider | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
GS Testimonial Slider | Broken Access Control (BAC) |
GS Variation Swatches for WooCommerce | Broken Access Control (BAC) |
Homey Theme | Missing Authorization (BAC) and Arbitrary Reservation & Post Deletion |
Hospital Management System | Arbitrary File Upload (BAC) |
Hospital Management System | Privilege Escalation (BAC) |
HotStar – Multi-Purpose Business Theme | Broken Access Control (BAC) |
IMITHEMES Listing | Unauthenticated Privilege Escalation (BAC) from Unverified Password Reset (BAC) |
Infocob CRM Forms | Arbitrary File Download (BAC) |
Instantio | Arbitrary File Upload (BAC) |
Jetpack | Unauthenticated Arbitrary Block & Shortcode Execution (BAC) |
Jetpack Debug Tools | Broken Access Control (BAC) |
JP Students Result Management System Premium | Arbitrary File Upload (BAC) |
KBx Pro Ultimate | Arbitrary File Deletion (BAC) |
LayoutBoxx | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Lead Form Data Collection and CRM | Arbitrary Option Update and Privilege Escalation (BAC) |
Leadinfo | Settings Change (BAC) |
Legal Pages | Broken Access Control (BAC) |
LessButtons Social Sharing and Statistics | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
LocateAndFilter | Broken Access Control (BAC) |
Login Lockdown | Missing Authorization (BAC) and Arbitrary IP Whitelisting |
Majestic Support | Broken Access Control (BAC) |
MapSVG | Broken Access Control (BAC) |
MapSVG | Broken Access Control (BAC) |
MapSVG | Arbitrary Shortcode Execution (BAC) |
MasterStudy LMS Pro | Arbitrary File Upload (BAC) |
Media Hygiene | Broken Access Control (BAC) |
Motors Theme | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Motors Theme | Unauthenticated Privilege Escalation (BAC) from Password Update (BAC)/Account Takeover (BAC) |
MStore API | Unauthenticated Privilege Escalation (BAC) |
MStore API | Missing Authorization (BAC) and Posts Creation |
Music Player for WooCommerce | Broken Access Control (BAC) |
Nomupay Payment Processing Gateway | Arbitrary File Download (BAC) |
Ntz Antispam | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
Opal Woo Custom Product Variation | Arbitrary File Deletion (BAC) |
OTP-less one tap Sign in | Unauthenticated Arbitrary Email Update and Account Takeover (BAC)/Privilege Escalation (BAC) |
Ovation Elements | Broken Access Control (BAC) |
PeproDev Ultimate Profile Solutions | Authentication Bypass (BAC) and Account Takeover (BAC) |
PeproDev Ultimate Profile Solutions | Missing Authorization (BAC) and Unauthenticated Arbitrary User Meta Update |
PeproDev Ultimate Profile Solutions | Missing Authorization (BAC) and Unauthenticated Email Enumeration |
PGS Core | Missing Authorization (BAC) from Multiple Functions |
Pinterest Automatic Pin | Broken Access Control (BAC) |
Printcart Web and Print Product Designer for WooCommerce | Arbitrary File Upload (BAC) |
Product Quantity Dropdown For Woocommerce | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
ProfileGrid | Broken Access Control (BAC) |
Projectopia | Broken Access Control (BAC) |
Property | Missing Authorization (BAC) and Privilege Escalation (BAC) from property_package_user_role Metadata in PayPal Registration |
Push notification for Mobile and Web app | Broken Access Control (BAC) |
QS Dark Mode | Broken Access Control (BAC) |
QuickCal | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
QuickCal | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
Rankie | Broken Access Control (BAC) |
Reales WP STPT | Privilege Escalation (BAC) from Password Update (BAC) |
Reales WP STPT | Unauthorized User Registration (BAC) |
Responsive Plus | Broken Access Control (BAC) |
Rootspersona | Broken Access Control (BAC) |
Rozario Theme | Broken Access Control (BAC) |
RS WP Book Showcase | Arbitrary Shortcode Execution (BAC) |
Salon Booking Pro | Broken Access Control (BAC) |
Secure Downloads | Arbitrary File Download (BAC) |
Sharespine Woocommerce Connector | Broken Access Control (BAC) |
Shortlinks by Pretty Links | Broken Access Control (BAC) |
Simple Business Directory Pro | Privilege Escalation (BAC) |
Simple File List | Settings Change (BAC) |
Simple Link Directory Pro | Broken Access Control (BAC) |
Simple Nav Archives | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
SMS Alert Order Notifications – WooCommerce | Privilege Escalation (BAC) from handleWpLoginCreateUserAction Function |
Splitit | Missing Authorization (BAC) and Multiple Administrative Actions |
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light | Privilege Escalation (BAC) |
STAGGS | Arbitrary File Upload (BAC) |
StoreKeeper for WooCommerce | Arbitrary File Upload (BAC) |
StyleAI | Broken Access Control (BAC) |
Subaccounts for WooCommerce | Account Takeover (BAC) |
Tainacan | Arbitrary File Deletion (BAC) |
The Business Theme | Broken Access Control (BAC) |
The Events Calendar | Broken Access Control (BAC) |
TheGem Theme | Arbitrary File Upload (BAC) |
TheGem Theme | Missing Authorization (BAC) and Arbitrary Theme Options Update |
The Plus Addons for Elementor Pro | Broken Access Control (BAC) |
The Ultimate WordPress Toolkit – WP Extended | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
TicketBAI Facturas para WooCommerce | Unauthenticated Arbitrary File Deletion (BAC) |
TI WooCommerce Wishlist | Arbitrary File Upload (BAC) |
Tours | Broken Access Control (BAC) |
Travelpayouts | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
TwitterPosts | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
Uncanny Automator | Missing Authorization (BAC) and Plugin Settings Update (BAC) |
Url Rewrite Analyzer | Broken Access Control (BAC) |
User Profile Meta Manager | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
Visual Builder | Broken Access Control (BAC) |
Visual Header | Broken Access Control (BAC) |
Web3Press | Arbitrary File Read (BAC) |
Wholesale Market | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
Widgets Reset | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
Wiki Embed | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
Wishlist | Broken Access Control (BAC) |
Wolmart Theme | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Woocommerce Multiple Addresses | Privilege Escalation (BAC) |
WooCommerce POS | Broken Access Control (BAC) |
Woo Slider Pro | Arbitrary Content Deletion (BAC) |
Woo Slider Pro | Missing Authorization (BAC) and Arbitrary Post Deletion from woo_slide_pro_delete_draft_preview |
Wordpress Auto Spinner | Broken Access Control (BAC) |
WPBookit | Insecure Direct Object Reference and Unauthenticated Privilege Escalation (BAC) from Account Takeover (BAC) |
WPBot Pro Wordpress Chatbot | Arbitrary File Deletion (BAC) |
WP Job Portal | Arbitrary File Download (BAC) |
WP Mapa Politico España | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
WP shop | Privilege Escalation (BAC) from Account Takeover (BAC) |
Year Make Model Search for WooCommerce | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
Z-Downloads | Arbitrary File Upload (BAC) |
百度站长SEO合集(支持百度/神马/Bing/头条推送) | Unauthenticated Arbitrary File Upload (BAC) |
WordPress BAC & WP Broken Access Control reported in 2023: | 931 |
WordPress BAC & WP Broken Access Control reported in 2024: | 2024 |
WordPress BAC & WP Broken Access Control reported in 2025: | 1377 |