Discover managed ACQUISITION metrics for WordPress, WooCommerce, Shopify, SaaS. Managed for you on your domain, inside your hosting account, in your country. With a good managed monitoring strategy in place, you'll gain greater transparency & visibility into your operations with a timely alerting system.
Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC MAY 2024 is a +109% INCREASE compared to previous month. Consider for your online safety, a managed security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these non-enforced access cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:
| Checkout Payment Gateway for WooCommerce | Missing Authorization (BAC) via sniff_ins |
| 5 Stars Rating Funnel | Arbitrary Content Deletion (BAC) |
| 5 Stars Rating Funnel | Broken Access Control (BAC) |
| Academy LMS | Broken Access Control (BAC) |
| Accountra Theme | Broken Access Control (BAC) |
| ActiveDEMAND | Arbitrary File Upload (BAC) |
| Active Products Tables for WooCommerce | Broken Access Control (BAC) |
| Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
| Advanced Local Pickup for WooCommerce | Broken Access Control (BAC) |
| Advanced Post Block Post Grid for WordPress block editor | Missing Authorization (BAC) to Information Disclosure |
| Advanced Search | Shortcode Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Advanced Testimonial Carousel for Elementor | Broken Access Control (BAC) |
| AI Post Generator | AutoWriter | Broken Access Control (BAC) |
| All in One Video Gallery | Broken Access Control (BAC) |
| Althea WP Theme | Broken Access Control (BAC) |
| Announcer – Notification & message bars | Broken Access Control (BAC) |
| Appointment Hour Booking | Captcha Bypass (BAC) |
| AppPresser | Broken Access Control (BAC) |
| Arconix FAQ | Broken Access Control (BAC) |
| Arconix Shortcodes | Broken Access Control (BAC) |
| ARForms | Arbitrary File Deletion (BAC) |
| ARForms | Arbitrary Plugin Activation/Deactivation (BAC) |
| ARForms Form Builder | Broken Access Control (BAC) |
| ARForms Form Builder | Missing Authorization (BAC) to Arbitrary Option Deletion (BAC) |
| ARMember | Broken Access Control (BAC) |
| Aspose.Words Exporter | Broken Access Control (BAC) |
| Auto Poster | Arbitrary File Upload (BAC) |
| AWP Classifieds | Broken Access Control (BAC) |
| Backup Migration | Broken Access Control (BAC) |
| BackWPup | Unauthenticated Backup Download (BAC) |
| Barcode Scanner with Inventory & Order Manager | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Barcode Scanner with Inventory & Order Manager | Unauthenticated Broken Access Control (BAC) |
| Barcode Scanner with Inventory & Order Manager | Unauthenticated Privilege Escalation (BAC) |
| BizPrint | Broken Access Control (BAC) |
| BookingPress | Arbitrary File Upload (BAC) |
| Booking Ultra Pro | Privilege Escalation (BAC) |
| Boostify Header Footer Builder for Elementor | Broken Access Control (BAC) |
| BP Better Messages | Broken Authentication (BAC) |
| Bricksforge | Unauthenticated Arbitrary WordPress Setting Deletion (BAC) |
| Brite Theme | Broken Access Control (BAC) |
| BuddyForms | Arbitrary File Read (BAC) and Server-Side Request Forgery (SSRF) |
| Captcha by BestWebSoft | Captcha Bypass (BAC) |
| Chauffeur Taxi Booking System for WordPress | Broken Authentication (BAC) |
| Church Admin | Arbitrary File Upload (BAC) |
| Church Admin | Broken Access Control (BAC) |
| Classified Listing | Missing Authorization (BAC) to Arbitrary Attachment Deletion (BAC) |
| Classified Listing | Cross-Site Request Forgery (CSRF) to Account Takeover via rtcl_Update (BAC)_user_account |
| Classified Listing | Missing Authorization (BAC) |
| Client Dash | Broken Access Control (BAC) |
| Clone | Broken Access Control (BAC) |
| Colibri WP Theme | Broken Access Control (BAC) |
| Contact Form & Lead Form Elementor Builder | Missing Authorization (BAC) |
| Content Control | Missing Authorization (BAC) to Private Private Information Exposure |
| Contest Gallery | Arbitrary File Deletion (BAC) |
| Conversational Forms for ChatBot | Arbitrary File Download (BAC) |
| CookieHub | Broken Access Control (BAC) |
| Country State City Dropdown CF7 | Missing Authorization (BAC) |
| Customer Reviews for WooCommerce | Missing Authorization (BAC) to Arbitrary Email Sending |
| Customer Reviews for WooCommerce | Missing Authorization (BAC) to Coupon Search |
| Custom Order Statuses for WooCommerce | Broken Access Control (BAC) |
| Custom Thank You Page Customize For WooCommerce by Binary Carpenter | Broken Access Control (BAC) |
| Dashboard Welcome for Elementor | Broken Access Control (BAC) |
| Data Tables Generator by Supsystic | Broken Access Control (BAC) |
| Delete Custom Fields | Cross-Site Request Forgery (CSRF) to Post Meta Deletion (BAC) |
| Demo My WordPress | Unauthenticated Privilege Escalation (BAC) |
| Download (BAC) Manager | File Password Lock Bypass (BAC) |
| Duplicate Post | Broken Access Control (BAC) |
| Easy Accept Payments | Broken Access Control (BAC) |
| Easy Property Listings | Broken Access Control (BAC) |
| Easy Social Share Buttons | Multiple Broken Access Control (BAC) |
| EleForms | Missing Authorization (BAC) to Private Private Information Exposure |
| Element Pack Pro | Arbitrary File Read (BAC) and Phar Deserialization |
| Elespare | Missing Authorization (BAC) to Arbitrary Post Creation (BAC) |
| Elevate WP Theme | Broken Access Control (BAC) |
| Email Subscribers & Newsletters | Broken Access Control (BAC) |
| EmbedPress | Broken Access Control (BAC) |
| EmbedPress | Broken Access Control (BAC) |
| Enhanced Text Widget | Broken Access Control (BAC) |
| ENL Newsletter | Campaign Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| EnvíaloSimple | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| EPROLO Dropshipping | Broken Access Control (BAC) |
| eRoom – Zoom Meetings & Webinar | Missing Authorization (BAC) to Private Information Exposure |
| Everest Backup | Arbitrary File Upload (BAC) |
| Evergreen Content Poster | Broken Access Control (BAC) |
| Exclusive Addons Elementor | Broken Access Control (BAC) |
| Fatal Error Notify | Broken Access Control (BAC) |
| Filter Custom Fields & Taxonomies Light | Broken Access Control (BAC) |
| Five Star Restaurant Reservations | Broken Access Control (BAC) |
| Flexible Checkout Fields for WooCommerce | Broken Access Control (BAC) |
| Flexible Shipping | Broken Access Control (BAC) |
| Forminator | Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC) |
| GG Woo Feed for WooCommerce | Broken Access Control (BAC) |
| Giveaways and Contests by RafflePress | IP Restriction Bypass (BAC) |
| Hugo WP Theme | Broken Access Control (BAC) |
| Hummingbird | Broken Access Control (BAC) |
| Image Watermark | Missing Authorization (BAC) to Watermark Modification |
| Import XML and RSS Feeds | Arbitrary File Upload (BAC) |
| Inline Related Posts | Password Protected Post Read (BAC) |
| Instant Images | Arbitrary Option Update (BAC) to Privilege Escalation (BAC) |
| InstaWP Connect | Unauthenticated Arbitrary File Upload (BAC)Patch priority: high Fixed |
| InstaWP Connect | Broken Access Control (BAC) |
| Integrate Google Drive | Broken Access Control (BAC) |
| Integrate Google Drive | Broken Access Control (BAC) |
| Ivory Search | Missing Authorization (BAC) to Index Creation (BAC) |
| JS Help Desk – Best Help Desk & Support Plugin | Broken Access Control (BAC) |
| KB Support | Broken Access Control (BAC) |
| Knowledge Base documentation & wiki plugin – BasePress | Broken Access Control (BAC) |
| LearnPress | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Load More Anything | Broken Access Control (BAC) |
| LoginPress Pro | Captcha Bypass (BAC) |
| LoginPress Pro | Unauthenticated License Activation/Deactivation (BAC) |
| Login with phone number | Broken Access Control (BAC) |
| Login with phone number | Privilege Escalation (BAC) |
| Maintenance Mode by helderk | IP Bypass (BAC) |
| Master Addons for Elementor | Broken Access Control (BAC) on Duplicate Post |
| Masteriyo LMS | Privilege Escalation (BAC) |
| MasterStudy LMS | Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action |
| MaxGalleria | Missing Authorization (BAC) |
| Mega Addons For Elementor | Broken Access Control (BAC) |
| Metform Elementor Contact Form Builder | Broken Access Control (BAC) |
| MP3 Audio Player for Music, Radio & Podcast by Sonaar | Arbitrary File Download (BAC) |
| Multi Currency For WooCommerce | Broken Access Control (BAC) |
| MyRewards | Broken Access Control (BAC) |
| Newsletters | Arbitrary File Upload (BAC) |
| News Wall | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
| NextGEN Gallery | Missing Authorization (BAC) to Unauthenticated Information Disclosure |
| NPS computy | Results Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Olive One Click Demo Import | Arbitrary File Download (BAC) |
| Open Close WooCommerce Store | Broken Access Control (BAC) |
| OrderConvo | Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC) |
| Order Limit for WooCommerce | Broken Access Control (BAC) |
| Otter Gutenberg Block | Limited File Upload (BAC) to Cross-Site Scripting (XSS) |
| Ovic Addon Toolkit | Broken Access Control (BAC) |
| Ovic Responsive WPBakery | Broken Access Control (BAC) |
| Page Builder: Live Composer | Broken Access Control (BAC) |
| Pardot | Broken Access Control (BAC) |
| Pathway Theme | Broken Access Control (BAC) |
| Payment Gateway Based Fees and Discounts for WooCommerce | Broken Access Control (BAC) |
| PeproDev Ultimate Invoice | Broken Access Control (BAC) |
| Photo Gallery by 10Web | Broken Access Control (BAC) |
| Piotnet Addons For Elementor Pro | Unauthenticated Arbitrary Post/Page Deletion (BAC) |
| Pocket News Generator | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| Podlove Podcast Publisher | Broken Access Control (BAC) |
| Podlove Podcast Publisher | Broken Access Control (BAC) |
| Poll Maker | Missing Authorization (BAC) to Unauthenticated Private Email Enumeration |
| Poll Maker | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
| Pop up | Broken Access Control (BAC) |
| Popup Anything | Broken Access Control (BAC) |
| Popup box | Missing Authorization (BAC) to Private Information Exposure |
| Popup by Supsystic | Broken Access Control (BAC) |
| Post Grid | Unauthenticated Password Protected Posts Access (BAC) |
| Post Type Builder (PTB) | Arbitrary Post/Page Creation (BAC) |
| PostX – Gutenberg Blocks for Post Grid | Post/Page Duplication (BAC) |
| PPOM for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) via ppom_Upload (BAC)_file |
| Premmerce Product Filter for WooCommerce | Broken Access Control (BAC) |
| Prime Slider – Addons For Elementor | Broken Access Control (BAC) |
| Prime Slider – Addons For Elementor | Broken Access Control (BAC) |
| Print Invoice & Delivery Notes for WooCommerce | Broken Access Control (BAC) |
| Products, Order & Customers Export for WooCommerce | Broken Access Control (BAC) |
| Product Sort and Display for WooCommerce | Missing Authorization (BAC) |
| Profile Builder | Bypass (BAC) |
| ProfileGrid | Group Members Limit Bypass (BAC) |
| ProfileGrid | Missing Authorization (BAC) |
| PropertyHive | Missing Authorization (BAC) to Arbitrary Post Deletion (BAC) |
| Quick Featured Images | Missing Authorization (BAC) to Arbitrary Thumbnail Deletion (BAC) |
| Redirect Redirection | Broken Access Control (BAC) |
| Relevanssi | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
| Relevanssi Premium | Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC) |
| Responsive Lightbox | Broken Access Control (BAC) |
| Responsive Theme | Missing Authorization (BAC) to HMTL Injection |
| Restrict Content | Broken Access Control (BAC) |
| Reviews Plus | Broken Access Control (BAC) |
| RomethemeForm For Elementor | Broken Access Control (BAC) |
| Royal Elementor Addons | IP Bypass (BAC) |
| Royal Elementor Addons | Unauthenticated Limited File Upload (BAC) |
| RSS Redirect & Feedburner Alternative | Broken Access Control (BAC) |
| s2Member Pro | Privilege Escalation (BAC) |
| Salon booking system | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| Save as PDF plugin by Pdfcrowd | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| SchedulePress | Broken Access Control (BAC) |
| Secure Copy Content Protection and Content Locking | Broken Access Control (BAC) |
| Secure Copy Content Protection and Content Locking | Broken Access Control (BAC) |
| Sendinblue for WooCommerce | Arbitrary File Download (BAC) and Deletion (BAC) |
| Send PDF for Contact Form 7 | Missing Authorization (BAC) |
| Shared Files | Broken Access Control (BAC) |
| Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy | Arbitrary Content Deletion (BAC) |
| Sharkdropship for AliExpress Dropship and Affiliate | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
| Shortcode Addons | Broken Access Control (BAC) |
| ShortPixel Adaptive Images | Broken Access Control (BAC) |
| ShortPixel Critical CSS | Broken Access Control (BAC) |
| Simple Buttons Creator | Arbitrary Button Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Simple Registration for WooCommerce | Unauthenticated Privilege Escalation (BAC) |
| Sirv | Arbitrary Option Update (BAC) to Privilege Escalation (BAC) |
| SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer | Missing Authorization (BAC) |
| Smart Forms | Broken Access Control (BAC) |
| Smart Forms | Edit Entries via Broken Access Control (BAC) |
| Smart Online Order for Clover | Cross-Site Request Forgery (CSRF) Leading to Coupon Creation/Modification (BAC) |
| Smart Slider 3 | Missing Authorization (BAC) to Limited File Upload (BAC) |
| Social Media & Share Icons | Broken Access Control (BAC) |
| Social Pug | Unauthenticated Password Protected Posts Access (BAC) |
| Social Share Icons & Social Share Buttons | Broken Access Control (BAC) |
| Social Share Icons & Social Share Buttons | Broken Access Control (BAC) lead to Notice Dismissal |
| Social Snap | Broken Access Control (BAC) |
| Soledad Theme | Broken Access Control (BAC) |
| Soledad Theme | Unauthenticated Broken Access Control (BAC) |
| Speed Optimizer | Broken Access Control (BAC) |
| SSL Mixed Content Fix | Broken Access Control (BAC) |
| SSU | Broken Access Control (BAC) |
| Startupzy Theme | Broken Access Control (BAC) |
| Sticky Anything | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
| Subscribe2 | Broken Access Control (BAC) |
| Support Genix | Broken Access Control (BAC) lead to Arbitrary File Upload (BAC) |
| Template Kit – Import | Cross-Site Scripting (XSS) via template Upload (BAC) |
| Theme My Login | Broken Access Control (BAC) |
| Themify – WooCommerce Product Filter | Filter Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| The Plus Blocks for Block Editor | Gutenberg | Broken Access Control (BAC) |
| Total Poll Lite | Broken Access Control (BAC) |
| Tracking Code Manager | Broken Access Control (BAC) |
| TrackShip for WooCommerce | Broken Access Control (BAC) |
| Ultimate Posts Widget | Broken Access Control (BAC) |
| User Registration | Privilege Escalation (BAC) |
| User Registration | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
| Vertice Theme | Broken Access Control (BAC) |
| Vision Interactive | Broken Access Control (BAC) |
| Vitepos | Broken Access Control (BAC) |
| VK Block Patterns | Broken Access Control (BAC) |
| WC Marketplace | Broken Access Control (BAC) |
| weForms | Form Submission Restriction Bypass (BAC) |
| Welcart e Commerce | Broken Access Control (BAC) |
| WooCommerce | Private/Draft Products Access (BAC) |
| WooCommerce Cart Abandonment Recovery | Templates/Abandoned Orders Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Missing Authorization (BAC) to Unauthenticated Settings Reset |
| WordPress Backup & Migration | Missing Authorization (BAC) to Directory Traversal |
| WordPress Gallery Exporter | Arbitrary File Download (BAC) |
| WordPress Meta Data and Taxonomies Filter (MDTF) | Broken Access Control (BAC) |
| WP2LEADS | Broken Access Control (BAC) |
| WP Access (BAC)ibility Helper (WAH) | Broken Access Control (BAC) |
| WPC Frequently Bought Together for WooCommerce | Broken Access Control (BAC) |
| WPC Grouped Product for WooCommerce | Broken Access Control (BAC) |
| WP Club Manager | Broken Access Control (BAC) |
| WP Cookie Notice for PDPA, CCPA & ePrivacy Consent | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
| WP Cost Estimation & Payment Forms Builder | Broken Access Control (BAC) |
| WP Datepicker | Arbitrary Options Update (BAC) to Privilege Escalation (BAC) |
| wpDiscuz | Cross-Site Scripting (XSS) via Upload (BAC)ed Image Alternative Text |
| WP Eggdrop | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| WP GoToWebinar | Broken Access Control (BAC) |
| WP LinkedIn Auto Publish | Broken Access Control (BAC) |
| WP Lister Lite for eBay | Arbitrary File Upload (BAC) |
| WP Page Post Widget Clone | Broken Access Control (BAC) |
| WP Photo Album Plus | Arbitrary File Upload (BAC) |
| WPPizza | Broken Access Control (BAC) |
| WP Poll Maker | Arbitrary File Deletion (BAC) |
| WP Poll Maker | Arbitrary File Upload (BAC) |
| WP Radio – Worldwide Online Radio Stations Directory for WordPress | Missing Authorization (BAC) |
| WP Social Comments | Broken Access Control (BAC) |
| WP Sort Order | Broken Access Control (BAC) |
| WP Stateless | Missing Authorization (BAC) to Limited Arbitrary Options Update (BAC) |
| WP Time Slots Booking Form | Broken Access Control (BAC) |
| Wp Ultimate Review | Broken Access Control (BAC) on Review |
| WPZOOM Social Feed Widget & Block | Missing Authorization (BAC) to Instagram Image Deletion (BAC) |
| WZone | Arbitrary SQL Update (BAC) Execution |
| WZone | Privilege Escalation (BAC) |
| WZone | Site Wide Broken Access Control (BAC) |
| WZone | Unauthenticated Broken Access Control (BAC) |
| XStore Core | Limited Arbitrary File Download (BAC) |
| XStore Core | Limited Arbitrary File Upload (BAC) |
| XStore Core | Multiple Broken Access Control (BAC) |
| XStore Core | Unauthenticated Privilege Escalation (BAC) |
| XStore Theme | Arbitrary Option Update (BAC) |
| XStore Theme | Broken Access Control (BAC) |
| XStore Theme | Unauthenticated Broken Access Control (BAC) |
| Zero Spam | Bypass (BAC) Spam Protection |
| WordPress BAC & WP Broken Access Control reported in 2023: | 931 |
| WordPress BAC & WP Broken Access Control reported in 2024: | 615 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of a premium cup of coffee per week, for your first managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.