Be informed about the latest Unauthenticated WP OCT 2024 - WP Security Circumvention, identified and reported publicly. It is a -26% DECREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP OCT 2024 category:
| Affiliate Super Assistent | Unauthenticated Arbitrary Shortcode Execution |
| AI ChatBot with ChatGPT and Content Generator by AYS | Unauthenticated AJAX Calls |
| AI ChatBot with ChatGPT and Content Generator by AYS | Unauthenticated OpenAI Key Private Disclosure |
| BA Book Everything | Unauthenticated Arbitrary User Password Reset |
| Bit File Manager | Unauthenticated Remote Code Execution (RCE) from Race Condition |
| Community by PeepSo | Unauthenticated Private Full Path Disclosure |
| Contact Form to Any API | Unauthenticated Cross-Site Scripting (XSS) from Contact Form |
| Cost Calculator Builder Pro | Unauthenticated Price Manipulation |
| Custom Post Limits | Unauthenticated Private Full Path Disclosure |
| EventPrime | Missing Authorisation (BAC) to Unauthenticated Password-Protected-Events Private Disclosure |
| EventPrime | Missing Authorisation (BAC) to Unauthenticated Private-Events Private Disclosure |
| Flaming Forms | Unauthenticated Cross-Site Scripting (XSS) |
| GiveWP | Unauthenticated PHP Object Injection to Remote Code Execution (RCE) |
| GiveWP | Unauthenticated PHP Object Injection to Remote Code Execution (RCE) |
| JupiterX Core | Unauthenticated Authentication Bypass (BAC) to Account Takeover (BAC) |
| JupiterX Core | Unauthenticated Arbitrary File Upload (BAC) |
| LearnPress | Unauthenticated SQL Injection (SQLi) from 'c_fields' |
| LearnPress | Unauthenticated SQL Injection (SQLi) from 'c_only_fields' |
| LiteSpeed Cache | Unauthenticated Account Takeover (BAC) from Cookie Leak |
| Multi Step for Contact Form | Unauthenticated SQL Injection (SQLi) |
| myCred | Missing Authorisation (BAC) to Unauthenticated Database Upgrade |
| Ninja Forms File Upload Extension | Unauthenticated Cross-Site Scripting (XSS) from File Upload (BAC) |
| nm-visitors | Unauthenticated Cross-Site Scripting (XSS) from HTTP Header |
| PixelYourSite PRO | Unauthenticated Private Information Exposure and Log Deletion (BAC) |
| PixelYourSite – Your smart PIXEL (TAG) Manager | Unauthenticated Private Information Exposure and Log Deletion (BAC) |
| Remember Me Controls | Unauthenticated Private Full Path Disclosure |
| REST API TO MiniProgram | Unauthenticated Arbitrary User Email Update (BAC) and Privilege Escalation (BAC) from Account Takeover (BAC) |
| REST API TO MiniProgram | Unauthenticated SQL Injection (SQLi) |
| Revolut Gateway for WooCommerce | Missing Authorisation (BAC) to Unauthenticated Order Status Update (BAC) |
| Sensei LMS | Unauthenticated Email Template Leak |
| Simple Spoiler | Unauthenticated Arbitrary Shortcode Execution |
| SmartSearch WP | Unauthenticated OpenAI Key Private Disclosure |
| Special Text Boxes | Unauthenticated Arbitrary Shortcode Execution |
| Thanh Toán Quét Mã QR Code Tự Động | Unauthenticated Cross-Site Scripting (XSS) |
| The Events Calendar | Unauthenticated Cross-Site Scripting (XSS) |
| The Events Calendar | Unauthenticated SQL Injection (SQLi) |
| Viral Signup | Unauthenticated SQL Injection (SQLi) |
| Webo-facto | Unauthenticated Privilege Escalation (BAC) |
| WooCommerce Photo Reviews - Review Reminders - Review for Discounts | Authentication Bypass (BAC) to Account Takeover (BAC) and Privilege Escalation (BAC) |
| WOOCS – WooCommerce Currency Switcher | Unauthenticated Arbitrary Shortcode Execution |
| WooEvents | Unauthenticated Arbitrary File Overwrite (BAC) |
| WordPress Meta Data and Taxonomies Filter (MDTF) | Unauthenticated Arbitrary Shortcode Execution |
| WPCOM Member | Unauthenticated Privilege Escalation (BAC) from User Meta |
| WP Hardening | Unauthenticated Security Feature Bypass (BAC) to Username Enumeration |
| WP Job Portal | Unauthenticated Local File Inclusion (LFi) , Arbitrary Settings Update (BAC) , and User Creation (BAC) |
| WP MultiTasking | Cross-Site Scripting (XSS) |
| WP-Recall | Insecure Direct Object Reference (IDOR) to Unauthenticated Arbitrary Password Update (BAC) |
| WPvivid Backup and Migration | Unauthenticated Private Data Exposure |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 468 |
Unauthenticated WP FEB 2025 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP FEB 2025 – WP Security Circumvention, identified and reported publicly. It is a +26% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Unauthenticated WP JAN 2025 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP JAN 2025 – WP Security Circumvention, identified and reported publicly. It is a +2% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Unauthenticated WP DEC 2024 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP DEC 2024 – WP Security Circumvention, identified and reported publicly. It is a +44% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Unauthenticated WP NOV 2024 Managed WordPress / WooCommerce Security Report Be informed about the latest Unauthenticated WP NOV 2024 – WP Security Circumvention, identified and reported publicly. It is a -15% DECREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR –…
Table of Contents
