MANAGED WP GDPR MAY 2024 REPORT
WP Private Data Exposed
Stay informed about the latest WP Private Data Exposed cases identified and publicly reported for WP GDPR in MAY 2024. Exposure of sensitive or private data has a severe negative financial impact on any business. Consider our WP/Woo GDPR audit.
This is a +44% INCREASE compared to the previous month in specifically targeted WordPress Sensitive Data Exposed cases. For your online safety, consider a tailored WP/Woo Security AUDIT, - OR - switching to a TOP10LIST alternative WP GDPR Plugin, - OR - hiring professionals for managed WP GDPR.
The following cases made headlines PUBLICLY in the GDPR MAY 2024 & WP Private Data Exposed category:
Assistant – Every Day Productivity Apps | Private Data Exposure |
Backup Migration | Private Data Exposure via Log |
Beaver Themer | Private Information Exposure via shortcode |
Blog2Social | Private Information Exposure |
BoldGrid Easy SEO | Private Information Exposure |
CGC Maintenance Mode | Private Information Exposure |
Citadela Listing | Unauthenticated Private Data Exposure |
Contact Form Email | Private Data Exposure |
Content Control | Missing Authorization (BAC) to Private Information Exposure |
ConvertKit | Private Email Disclosure in Log File |
WordPress Core | Private Information Exposure via redirect_guess__permalink vulnerability |
EAN for WooCommerce | Insecure Direct Object Reference (IDOR) to Private Information Exposure via Shortcode |
Easy Custom Auto Excerpt | Private Information Exposure |
Easy Digital Downloads | Private Information Exposure |
EleForms | Missing Authorization (BAC) to Private Information Exposure |
Element Pack Elementor Addons | Private Information Exposure via element_pack_ajax_search |
Email Customizer for WooCommerce | Private Data Exposure |
eRoom – Zoom Meetings & Webinar | Missing Authorization (BAC) to Private Information Exposure |
Essential Addons for Elementor | Unauthenticated Private Information Exposure |
Essential Addons for Elementor | Private Information Exposure |
Essential Grid | Unauthenticated Private Post Disclosure |
FG Drupal to WordPress | Private Data Exposure via Log File |
FG Joomla to WordPress | Private Data Exposure via Log File |
Frontend Dashboard | Private Data Exposure on PII |
Happy Addons for Elementor | Incorrect Authorization to Private Information Exposure |
HT Mega | Private Information Exposure via purchased_products |
HT Mega | Private Data Exposure |
Leadinfo | Cross-Site Request Forgery (CSRF) |
Newsletters | Private Data Exposure |
Poll Maker | Missing Authorization (BAC) to Unauthenticated Private Email Enumeration |
Popup box | Missing Authorization (BAC) to Private Information Exposure |
Post Grid | Private Data Exposure via API |
Premium Addons for Elementor | Private Data Exposure |
Product Feed PRO for WooCommerce | Private Data Exposure |
Radio Player | Private Data Exposure |
SearchIQ | Private Data Exposure via Log File |
Simply Static | Private Data Exposure via Log File |
Slideshow Gallery | Private Data Exposure |
Solid Affiliate | Private Data Exposure via Log File |
StreamWeasels Twitch Integration | API Private Data Exposure |
Subscribe To Comments Reloaded | Private Data Exposure |
User Meta | Private Data Exposure |
User Spam Remover | Private Data Exposure via Log File |
USPS Shipping for WooCommerce – Live Rates | Private Data Exposure via Log File |
VikRentCar | Private Data Exposure via Invoices |
Watu Quiz | Private Information Disclosure |
WooCommerce | Private/Draft Products Access (BAC) |
WooCommerce Customers Manager | Private Email Disclosure |
WordPress | Private Information Exposure via redirect_guess__permalink |
WordPress Backup & Migration | Private Data Exposure via Log File |
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content | Private Information Exposure via insufficiently protected files |
WPFront User Role Editor | Limited Private Information Exposure |
WP Fusion Lite | Private Data Exposure |
WP GDPR Compliance | Cross-Site Request Forgery (CSRF) |
WP Google Analytics Events | Cross-Site Scripting (XSS) |
WP Google Maps | Private Information Exposure to Potential Denial of Service |
WP Members | Unprotected Storage of Potentially Private Files |
WP Meta SEO | Private Information Exposure via Meta Description |
WP Show Posts | Improper Authorization to Private Information Exposure |
WP STAGING – Backup Duplicator & Migration | Private Information Exposure via Log File |
Wp Staging Pro | Private Information Exposure via Log File |
WordPress GDPR & WP Private Data Exposed reported in 2023: | 137 |
WordPress GDPR & WP Private Data Exposed reported in 2024: | 182 |
What kind of Sensitive Data are exploited?
Sensitive information includes all Private Data, whether original or copied, which contains:
- Personal data: as defined by the EU General Data Protection Regulation (GDPR), a series of broad laws to prevent or discourage identity theft and to guard and protect individual privacy. In general, sensitive data is any data that reveals: Racial or ethnic origin; Political opinion; Religious or philosophical beliefs; Trade union membership; Genetic data; Biometric data; Health data; Sex life or sexual orientation; Financial information (bank account numbers and credit card numbers); Classified information.
- Protected Health Information (PHI): as defined by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). PHI under the law is any information about health status, provision of health care, or payment for health care that is created or collected by a Covered Entity (or a third-party associate) that can be linked to a specific individual.
- Education records: as defined by the Family Educational Rights and Privacy Act of 1974 (FERPA). FERPA governs access to educational information and records by potential employers, publicly funded educational institutions, and foreign governments.
- Customer information: as required by financial institutions to explain how they share and protect their customers' private information.
MANAGED GDPR for your WP/Woo: WP Private Data Exposed