Be informed about the latest Unauthenticated WP NOV 2024 - WP Security Circumvention, identified and reported publicly. It is a -15% DECREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP NOV 2024 category:
| 123.chat | Unauthenticated Cross-Site Scripting (XSS) |
| AADMY | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| All-in-One WP Migration | Unauthenticated Private Information Disclosure from Error Logs |
| Cooked Pro | Unauthenticated Arbitrary File Upload (BAC) |
| Echo RSS Feed Post Generator Plugin for WordPress | Unauthenticated Privilege Escalation (BAC) |
| Enable Shortcodes inside Widgets,Comments and Experts | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| EventPrime | Unauthenticated Cross-Site Scripting (XSS) |
| EventPrime | Unauthenticated Cross-Site Scripting (XSS) |
| Extra Product Options Builder for WooCommerce | Unauthenticated Cross-Site Scripting (XSS) |
| File Manager Pro | Unauthenticated Backup File Download (BAC) and Upload |
| File Manager Pro | Unauthenticated Limited JavaScript File Upload (BAC) |
| GiveWP | Unauthenticated PHP Object Injection (BAC) to Remote Code Execution (RCE) |
| GutenKit | Unauthenticated Arbitrary File Upload (BAC) |
| Hash Form | Unauthenticated Limited File Upload (BAC) |
| Hunk Companion | Missing Authorisation (BAC) to Unauthenticated Arbitrary Plugin Installation and Activation |
| KB Support | Missing Authorisation (BAC) to Unauthenticated Ticket Reply Exposure |
| LatePoint | Unauthenticated Arbitrary User Password Change from SQL Injection (SQLi) |
| Linkz.ai | Missing Authorisation (BAC) to Unauthenticated Plugin Settings Update (BAC) |
| Miniorange OTP Verification with Firebase | Unauthenticated Arbitrary User Password Change |
| Order Notification for Telegram | Missing Authorisation (BAC) to Unauthenticated Send Telegram Test Message |
| Rank Math SEO | Missing Authorisation (BAC) to Unauthenticated User and Term Metadata Insert, Update (BAC), and Delete |
| SendPulse Free Web Push | Unauthenticated Cross-Site Scripting (XSS) |
| SEOPress | Unauthenticated Broken Access Control (BAC) |
| Shortcodes AnyWhere | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Slimstat Analytics | Unauthenticated Cross-Site Scripting (XSS) |
| Spice Starter Sites | Missing Authorisation (BAC) to Unauthenticated Demo Content Import |
| Stackable | Unauthenticated CSS Injection (BAC) |
| Time Clock | Unauthenticated (Limited) Remote Code Execution (RCE) |
| Time Clock Pro | Unauthenticated (Limited) Remote Code Execution (RCE) |
| Timetics | Insecure Direct Object Reference (IDOR) to Unauthenticated Arbitrary User Password and Email Reset and Account Takeover (BAC) |
| TI WooCommerce Wishlist | Unauthenticated SQL Injection (SQLi) from lang parameters |
| Uix Shortcodes | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Wechat Social login | Unauthenticated Arbitrary File Upload (BAC) |
| WooCommerce | Unauthenticated HTML Injection (BAC) |
| WordPress File Upload (BAC) | Unauthenticated Path Traversal to Arbitrary File Read (BAC) and Deletion (BAC) in wfu_file_downloaderphp |
| WP-Advanced-Search | Unauthenticated SQL Injection (SQLi) |
| WPAdverts – Classifieds Plugin | Unauthenticated Cross-Site Scripting (XSS) from adverts_add Shortcode |
| WPIDE – File Manager & Code Editor | Unauthenticated Private Full Path Dislcosure |
| WP Popup Builder | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| WPS Telegram Chat | Unauthorized Access to Telegram Bot API |
| Wux Blog Editor | Unauthenticated Arbitrary File Upload (BAC) |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 509 |
Unauthenticated WP FEB 2025 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP FEB 2025 – WP Security Circumvention, identified and reported publicly. It is a +26% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Unauthenticated WP JAN 2025 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP JAN 2025 – WP Security Circumvention, identified and reported publicly. It is a +2% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Unauthenticated WP DEC 2024 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP DEC 2024 – WP Security Circumvention, identified and reported publicly. It is a +44% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Unauthenticated WP OCT 2024 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP OCT 2024 – WP Security Circumvention, identified and reported publicly. It is a -26% DECREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Table of Contents
