18 Unrestricted Access FEB 2021
Managed WordPress Security Report
Stay informed about the latest Unrestricted Access FEB 2021 – WP Security Circumvention cases, identified and reported publicly. These flaws open the door to further exploitation, with a severe negative impact on the security of any WordPress site. Consider our FREE security AUDIT.
An estimated 2.169.000+ active WordPress installations are susceptible to these attack types, considering only the publicly available numbers. The estimate can double once premium versions are included, as they are private purchases.
Furthermore, the initial estimate can multiply if we consider installations for which a patched version exists BUT which their owners have NOT UPDATED, as the vulnerability remains active within their domain. When these owners change hosting providers (due to constant unexplained issues), they actively migrate these vulnerabilities behind protected areas, possibly exposing other clean WP installations to different attack types.
This is a 339% increase in targeted active WordPress installations compared to January 2022. Read more in our previous report: 18 Unrestricted Access JAN 2021 – WP Security Circumvention. The following cases made headlines PUBLICLY just last month in the SQL Injections FEB 2021 category:
- Under Construction, Coming Soon & Maintenance Mode < 1.1.2 - Server Side Request Forgery (SSRF)
  - Under Construction, Maintenance Mode or Coming Soon landing page is needed when you are working hard to launch your website. This plugin helps you to post a message to your users while you can work behind the scenes. Active installations: 2,000+
- YITH WooCommerce Gift Cards < 3.3.1 - RCE via Arbitrary File Upload
  - The new version of our YITH WooCommerce Gift Card is the free and easy solution to start selling gift cards on your e-commerce. We have updated the plugin to make it even more effective, innovative and easier to use. Active installations: 8,000+
- WordPress Mega Menu – QuadMenu < 2.0.7 - Unauthenticated RCE via compiler_save
  - The best responsive mega menu designed for theme developers with customizable menu layouts and megamenu drag & drop fields. Active installations: 20,000+
- WordPress Backup and Migrate Plugin – Backup Guard < 1.6.0 - Authenticated Arbitrary File Upload
  - Backup Guard is the most complete WordPress backup plugin. We offer the easiest way to Backup, Restore and Migrate your WordPress website. You can backup and restore your WordPress files, database or both. Active installations: 70,000+
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress < 3.4.34.1 - Authenticated OAuth Connection Key Disclosure
  - Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress < 3.4.34 - Administrator Open Redirect
  - Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million
- Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress < 3.4.34 - Authenticated SendWP Plugin Installation and Client Secret Key Disclosure
  - Use Ninja Forms to create beautiful, user friendly WordPress forms that will make you feel like a professional web developer! Active installations: 1+ million