🔬 Conversion Rate Optimisation for your 🌐 WordPress & 🛒 WooCommerce: skyrocket sales with modern proven methods! The purpose of recurrent CRO services is to constantly improve the likelihood of visitors taking your desired action on your domain.
Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC MAY 2024 is a +109% INCREASE compared to previous month. Consider for your online safety, a managed security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these non-enforced access cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:
| Checkout Payment Gateway for WooCommerce | Missing Authorization (BAC) via sniff_ins |
| 5 Stars Rating Funnel | Arbitrary Content Deletion (BAC) |
| 5 Stars Rating Funnel | Broken Access Control (BAC) |
| Academy LMS | Broken Access Control (BAC) |
| Accountra Theme | Broken Access Control (BAC) |
| ActiveDEMAND | Arbitrary File Upload (BAC) |
| Active Products Tables for WooCommerce | Broken Access Control (BAC) |
| Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
| Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
| Advanced Post Block Post Grid for WordPress block editor | Missing Authorization (BAC) to Information Disclosure |
| Advanced Search | Shortcode Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Advanced Testimonial Carousel for Elementor | Broken Access Control (BAC) |
| AI Post Generator | AutoWriter | Broken Access Control (BAC) |
| All in One Video Gallery | Broken Access Control (BAC) |
| Althea WP Theme | Broken Access Control (BAC) |
| Announcer – Notification & message bars | Broken Access Control (BAC) |
| Appointment Hour Booking | Captcha Bypass (BAC) |
| AppPresser | Broken Access Control (BAC) |
| Arconix FAQ | Broken Access Control (BAC) |
| Arconix Shortcodes | Broken Access Control (BAC) |
| ARForms | Arbitrary File Deletion (BAC) |
| ARForms | Arbitrary Plugin Activation/Deactivation (BAC) |
| ARForms Form Builder | Broken Access Control (BAC) |
| ARForms Form Builder | Missing Authorization (BAC) to Arbitrary Option Deletion (BAC) |
| ARMember | Broken Access Control (BAC) |
| Aspose.Words Exporter | Broken Access Control (BAC) |
| Auto Poster | Arbitrary File Upload (BAC) |
| AWP Classifieds | Broken Access Control (BAC) |
| Backup Migration | Broken Access Control (BAC) |
| BackWPup | Unauthenticated Backup Download (BAC) |
| Barcode Scanner with Inventory & Order Manager | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Barcode Scanner with Inventory & Order Manager | Unauthenticated Broken Access Control (BAC) |
| Barcode Scanner with Inventory & Order Manager | Unauthenticated Privilege Escalation (BAC) |
| BizPrint | Broken Access Control (BAC) |
| BookingPress | Arbitrary File Upload (BAC) |
| Booking Ultra Pro | Privilege Escalation (BAC) |
| Boostify Header Footer Builder for Elementor | Broken Access Control (BAC) |
| BP Better Messages | Broken Authentication (BAC) |
| Bricksforge | Unauthenticated Arbitrary WordPress Setting Deletion (BAC) |
| Brite Theme | Broken Access Control (BAC) |
| BuddyForms | Arbitrary File Read (BAC) and Server-Side Request Forgery (SSRF) |
| Captcha by BestWebSoft | Captcha Bypass (BAC) |
| Chauffeur Taxi Booking System for WordPress | Broken Authentication (BAC) |
| Church Admin | Arbitrary File Upload (BAC) |
| Church Admin | Broken Access Control (BAC) |
| Classified Listing | Missing Authorization (BAC) to Arbitrary Attachment Deletion (BAC) |
| Classified Listing | Cross-Site Request Forgery (CSRF) to Account Takeover via rtcl_Update (BAC)_user_account |
| Classified Listing | Missing Authorization (BAC) |
| Client Dash | Broken Access Control (BAC) |
| Clone | Broken Access Control (BAC) |
| Colibri WP Theme | Broken Access Control (BAC) |
| Contact Form & Lead Form Elementor Builder | Missing Authorization (BAC) |
| Content Control | Missing Authorization (BAC) to Private Private Information Exposure |
| Contest Gallery | Arbitrary File Deletion (BAC) |
| Conversational Forms for ChatBot | Arbitrary File Download (BAC) |
| CookieHub | Broken Access Control (BAC) |
| Country State City Dropdown CF7 | Missing Authorization (BAC) |
| Customer Reviews for WooCommerce | Missing Authorization (BAC) to Arbitrary Email Sending |
| Customer Reviews for WooCommerce | Missing Authorization (BAC) to Coupon Search |
| Custom Order Statuses for WooCommerce | Broken Access Control (BAC) |
| Custom Thank You Page Customize For WooCommerce by Binary Carpenter | Broken Access Control (BAC) |
| Dashboard Welcome for Elementor | Broken Access Control (BAC) |
| Data Tables Generator by Supsystic | Broken Access Control (BAC) |
| Delete Custom Fields | Cross-Site Request Forgery (CSRF) to Post Meta Deletion (BAC) |
| Demo My WordPress | Unauthenticated Privilege Escalation (BAC) |
| Download (BAC) Manager | File Password Lock Bypass (BAC) |
| Duplicate Post | Broken Access Control (BAC) |
| Easy Accept Payments | Broken Access Control (BAC) |
| Easy Property Listings | Broken Access Control (BAC) |
| Easy Social Share Buttons | Multiple Broken Access Control (BAC) |
| EleForms | Missing Authorization (BAC) to Private Private Information Exposure |
| Element Pack Pro | Arbitrary File Read (BAC) and Phar Deserialization |
| Elespare | Missing Authorization (BAC) to Arbitrary Post Creation (BAC) |
| Elevate WP Theme | Broken Access Control (BAC) |
| Email Subscribers & Newsletters | Broken Access Control (BAC) |
| EmbedPress | Broken Access Control (BAC) |
| EmbedPress | Broken Access Control (BAC) |
| Enhanced Text Widget | Broken Access Control (BAC) |
| ENL Newsletter | Campaign Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| EnvíaloSimple | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| EPROLO Dropshipping | Broken Access Control (BAC) |
| eRoom – Zoom Meetings & Webinar | Missing Authorization (BAC) to Private Information Exposure |
| Everest Backup | Arbitrary File Upload (BAC) |
| Evergreen Content Poster | Broken Access Control (BAC) |
| Exclusive Addons Elementor | Broken Access Control (BAC) |
| Fatal Error Notify | Broken Access Control (BAC) |
| Filter Custom Fields & Taxonomies Light | Broken Access Control (BAC) |
| Five Star Restaurant Reservations | Broken Access Control (BAC) |
| Flexible Checkout Fields for WooCommerce | Broken Access Control (BAC) |
| Flexible Shipping | Broken Access Control (BAC) |
| Forminator | Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC) |
| GG Woo Feed for WooCommerce | Broken Access Control (BAC) |
| Giveaways and Contests by RafflePress | IP Restriction Bypass (BAC) |
| Hugo WP Theme | Broken Access Control (BAC) |
| Hummingbird | Broken Access Control (BAC) |
| Image Watermark | Missing Authorization (BAC) to Watermark Modification |
| Import XML and RSS Feeds | Arbitrary File Upload (BAC) |
| Inline Related Posts | Password Protected Post Read (BAC) |
| Instant Images | Arbitrary Option Update (BAC) to Privilege Escalation (BAC) |
| InstaWP Connect | Unauthenticated Arbitrary File Upload (BAC)Patch priority: high Fixed |
| InstaWP Connect | Broken Access Control (BAC) |
| Integrate Google Drive | Broken Access Control (BAC) |
| Integrate Google Drive | Broken Access Control (BAC) |
| Ivory Search | Missing Authorization (BAC) to Index Creation (BAC) |
| JS Help Desk – Best Help Desk & Support Plugin | Broken Access Control (BAC) |
| KB Support | Broken Access Control (BAC) |
| Knowledge Base documentation & wiki plugin – BasePress | Broken Access Control (BAC) |
| LearnPress | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Load More Anything | Broken Access Control (BAC) |
| LoginPress Pro | Captcha Bypass (BAC) |
| LoginPress Pro | Unauthenticated License Activation/Deactivation (BAC) |
| Login with phone number | Broken Access Control (BAC) |
| Login with phone number | Privilege Escalation (BAC) |
| Maintenance Mode by helderk | IP Bypass (BAC) |
| Master Addons for Elementor | Broken Access Control (BAC) on Duplicate Post |
| Masteriyo LMS | Privilege Escalation (BAC) |
| MasterStudy LMS | Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action |
| MaxGalleria | Missing Authorization (BAC) |
| Mega Addons For Elementor | Broken Access Control (BAC) |
| Metform Elementor Contact Form Builder | Broken Access Control (BAC) |
| MP3 Audio Player for Music, Radio & Podcast by Sonaar | Arbitrary File Download (BAC) |
| Multi Currency For WooCommerce | Broken Access Control (BAC) |
| MyRewards | Broken Access Control (BAC) |
| Newsletters | Arbitrary File Upload (BAC) |
| News Wall | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
| NextGEN Gallery | Missing Authorization (BAC) to Unauthenticated Information Disclosure |
| NPS computy | Results Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Olive One Click Demo Import | Arbitrary File Download (BAC) |
| Open Close WooCommerce Store | Broken Access Control (BAC) |
| OrderConvo | Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC) |
| Order Limit for WooCommerce | Broken Access Control (BAC) |
| Otter Gutenberg Block | Limited File Upload (BAC) to Cross-Site Scripting (XSS) |
| Ovic Addon Toolkit | Broken Access Control (BAC) |
| Ovic Responsive WPBakery | Broken Access Control (BAC) |
| Page Builder: Live Composer | Broken Access Control (BAC) |
| Pardot | Broken Access Control (BAC) |
| Pathway Theme | Broken Access Control (BAC) |
| Payment Gateway Based Fees and Discounts for WooCommerce | Broken Access Control (BAC) |
| PeproDev Ultimate Invoice | Broken Access Control (BAC) |
| Photo Gallery by 10Web | Broken Access Control (BAC) |
| Piotnet Addons For Elementor Pro | Unauthenticated Arbitrary Post/Page Deletion (BAC) |
| Pocket News Generator | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| Podlove Podcast Publisher | Broken Access Control (BAC) |
| Podlove Podcast Publisher | Broken Access Control (BAC) |
| Poll Maker | Missing Authorization (BAC) to Unauthenticated Private Email Enumeration |
| Poll Maker | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
| Pop up | Broken Access Control (BAC) |
| Popup Anything | Broken Access Control (BAC) |
| Popup box | Missing Authorization (BAC) to Private Information Exposure |
| Popup by Supsystic | Broken Access Control (BAC) |
| Post Grid | Unauthenticated Password Protected Posts Access (BAC) |
| Post Type Builder (PTB) | Arbitrary Post/Page Creation (BAC) |
| PostX – Gutenberg Blocks for Post Grid | Post/Page Duplication (BAC) |
| PPOM for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) via ppom_Upload (BAC)_file |
| Premmerce Product Filter for WooCommerce | Broken Access Control (BAC) |
| Prime Slider – Addons For Elementor | Broken Access Control (BAC) |
| Prime Slider – Addons For Elementor | Broken Access Control (BAC) |
| Print Invoice & Delivery Notes for WooCommerce | Broken Access Control (BAC) |
| Products, Order & Customers Export for WooCommerce | Broken Access Control (BAC) |
| Product Sort and Display for WooCommerce | Missing Authorization (BAC) |
| Profile Builder | Bypass (BAC) |
| ProfileGrid | Group Members Limit Bypass (BAC) |
| ProfileGrid | Missing Authorization (BAC) |
| PropertyHive | Missing Authorization (BAC) to Arbitrary Post Deletion (BAC) |
| Quick Featured Images | Missing Authorization (BAC) to Arbitrary Thumbnail Deletion (BAC) |
| Redirect Redirection | Broken Access Control (BAC) |
| Relevanssi | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
| Relevanssi Premium | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
| Responsive Lightbox | Broken Access Control (BAC) |
| Responsive Theme | Missing Authorization (BAC) to HMTL Injection |
| Restrict Content | Broken Access Control (BAC) |
| Reviews Plus | Broken Access Control (BAC) |
| RomethemeForm For Elementor | Broken Access Control (BAC) |
| Royal Elementor Addons | IP Bypass (BAC) |
| Royal Elementor Addons | Unauthenticated Limited File Upload (BAC) |
| RSS Redirect & Feedburner Alternative | Broken Access Control (BAC) |
| s2Member Pro | Privilege Escalation (BAC) |
| Salon booking system | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| Save as PDF plugin by Pdfcrowd | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| SchedulePress | Broken Access Control (BAC) |
| Secure Copy Content Protection and Content Locking | Broken Access Control (BAC) |
| Secure Copy Content Protection and Content Locking | Broken Access Control (BAC) |
| Sendinblue for WooCommerce | Arbitrary File Download (BAC) and Deletion (BAC) |
| Send PDF for Contact Form 7 | Missing Authorization (BAC) |
| Shared Files | Broken Access Control (BAC) |
| Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy | Arbitrary Content Deletion (BAC) |
| Sharkdropship for AliExpress Dropship and Affiliate | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
| Shortcode Addons | Broken Access Control (BAC) |
| ShortPixel Adaptive Images | Broken Access Control (BAC) |
| ShortPixel Critical CSS | Broken Access Control (BAC) |
| Simple Buttons Creator | Arbitrary Button Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Simple Registration for WooCommerce | Unauthenticated Privilege Escalation (BAC) |
| Sirv | Arbitrary Option Update (BAC) to Privilege Escalation (BAC) |
| SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimiser | Missing Authorization (BAC) |
| Smart Forms | Broken Access Control (BAC) |
| Smart Forms | Edit Entries via Broken Access Control (BAC) |
| Smart Online Order for Clover | Cross-Site Request Forgery (CSRF) Leading to Coupon Creation/Modification (BAC) |
| Smart Slider 3 | Missing Authorization (BAC) to Limited File Upload (BAC) |
| Social Media & Share Icons | Broken Access Control (BAC) |
| Social Pug | Unauthenticated Password Protected Posts Access (BAC) |
| Social Share Icons & Social Share Buttons | Broken Access Control (BAC) |
| Social Share Icons & Social Share Buttons | Broken Access Control (BAC) lead to Notice Dismissal |
| Social Snap | Broken Access Control (BAC) |
| Soledad Theme | Broken Access Control (BAC) |
| Soledad Theme | Unauthenticated Broken Access Control (BAC) |
| Speed Optimiser | Broken Access Control (BAC) |
| SSL Mixed Content Fix | Broken Access Control (BAC) |
| SSU | Broken Access Control (BAC) |
| Startupzy Theme | Broken Access Control (BAC) |
| Sticky Anything | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Subscribe2 | Broken Access Control (BAC) |
| Support Genix | Broken Access Control (BAC) lead to Arbitrary File Upload (BAC) |
| Template Kit – Import | Cross-Site Scripting (XSS) via template Upload (BAC) |
| Theme My Login | Broken Access Control (BAC) |
| Themify – WooCommerce Product Filter | Filter Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| The Plus Blocks for Block Editor | Gutenberg | Broken Access Control (BAC) |
| Total Poll Lite | Broken Access Control (BAC) |
| Tracking Code Manager | Broken Access Control (BAC) |
| TrackShip for WooCommerce | Broken Access Control (BAC) |
| Ultimate Posts Widget | Broken Access Control (BAC) |
| User Registration | Privilege Escalation (BAC) |
| User Registration | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
| Vertice Theme | Broken Access Control (BAC) |
| Vision Interactive | Broken Access Control (BAC) |
| Vitepos | Broken Access Control (BAC) |
| VK Block Patterns | Broken Access Control (BAC) |
| WC Marketplace | Broken Access Control (BAC) |
| weForms | Form Submission Restriction Bypass (BAC) |
| Welcart e Commerce | Broken Access Control (BAC) |
| WooCommerce | Private/Draft Products Access (BAC) |
| WooCommerce Cart Abandonment Recovery | Templates/Abandoned Orders Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Missing Authorization (BAC) to Unauthenticated Settings Reset |
| WordPress Backup & Migration | Missing Authorization (BAC) to Directory Traversal |
| WordPress Gallery Exporter | Arbitrary File Download (BAC) |
| WordPress Meta Data and Taxonomies Filter (MDTF) | Broken Access Control (BAC) |
| WP2LEADS | Broken Access Control (BAC) |
| WP Access (BAC)ibility Helper (WAH) | Broken Access Control (BAC) |
| WPC Frequently Bought Together for WooCommerce | Broken Access Control (BAC) |
| WPC Grouped Product for WooCommerce | Broken Access Control (BAC) |
| WP Club Manager | Broken Access Control (BAC) |
| WP Cookie Notice for PDPA, CCPA & ePrivacy Consent | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
| WP Cost Estimation & Payment Forms Builder | Broken Access Control (BAC) |
| WP Datepicker | Arbitrary Options Update (BAC) to Privilege Escalation (BAC) |
| wpDiscuz | Cross-Site Scripting (XSS) via Upload (BAC)ed Image Alternative Text |
| WP Eggdrop | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| WP GoToWebinar | Broken Access Control (BAC) |
| WP LinkedIn Auto Publish | Broken Access Control (BAC) |
| WP Lister Lite for eBay | Arbitrary File Upload (BAC) |
| WP Page Post Widget Clone | Broken Access Control (BAC) |
| WP Photo Album Plus | Arbitrary File Upload (BAC) |
| WPPizza | Broken Access Control (BAC) |
| WP Poll Maker | Arbitrary File Deletion (BAC) |
| WP Poll Maker | Arbitrary File Upload (BAC) |
| WP Radio – Worldwide Online Radio Stations Directory for WordPress | Missing Authorization (BAC) |
| WP Social Comments | Broken Access Control (BAC) |
| WP Sort Order | Broken Access Control (BAC) |
| WP Stateless | Missing Authorization (BAC) to Limited Arbitrary Options Update (BAC) |
| WP Time Slots Booking Form | Broken Access Control (BAC) |
| Wp Ultimate Review | Broken Access Control (BAC) on Review |
| WPZOOM Social Feed Widget & Block | Missing Authorization (BAC) to Instagram Image Deletion (BAC) |
| WZone | Arbitrary SQL Update (BAC) Execution |
| WZone | Privilege Escalation (BAC) |
| WZone | Site Wide Broken Access Control (BAC) |
| WZone | Unauthenticated Broken Access Control (BAC) |
| XStore Core | Limited Arbitrary File Download (BAC) |
| XStore Core | Limited Arbitrary File Upload (BAC) |
| XStore Core | Multiple Broken Access Control (BAC) |
| XStore Core | Unauthenticated Privilege Escalation (BAC) |
| XStore Theme | Arbitrary Option Update (BAC) |
| XStore Theme | Broken Access Control (BAC) |
| XStore Theme | Unauthenticated Broken Access Control (BAC) |
| Zero Spam | Bypass (BAC) Spam Protection |
| WordPress BAC & WP Broken Access Control reported in 2023: | 931 |
| WordPress BAC & WP Broken Access Control reported in 2024: | 615 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of a premium cup of coffee per week, for your first managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.