WP BAC AUG 2024: 172 Brutal WP Broken Access Control

WP BAC AUG 2024: WP Broken Access Control

Managed WP/Woo Security Report

Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC AUG 2024 is a +6% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.

WHO needs managed WP security? EVERYBODY!

Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP BAC AUG 2024: WP Broken Access Control Patch Management.

ORDER NOW

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

Academy LMS	Broken Access Control (BAC)
Add Admin CSS	Unauthenticated Full Path Disclosure (BAC)
Add Admin JavaScript	Unauthenticated Full Path Disclosure (BAC)
Addonify	Unauthenticated Full Path Disclosure (BAC)
Admin Post Navigation	Unauthenticated Full Path Disclosure (BAC)
Admin Trim Interface	Unauthenticated Full Path Disclosure (BAC)
Advanced AJAX Page Loader	Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Affiliate Manager	Profile Update (BAC) via Cross-Site Request Forgery (CSRF)
Affiliate Manager	Affiliate Deletion (BAC) via Cross-Site Request Forgery (CSRF)
AForms	Unauthenticated Full Path Disclosure (BAC)
AMP for WP	Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Aramex Shipping WooCommerce	Unauthenticated Full Path Disclosure (BAC)
Arconix FAQ	Broken Access Control (BAC)
Arconix Shortcodes	Broken Access Control (BAC)
ArtPlacer Widget	Arbitrary Widget Deletion (BAC)
Atarim	Broken Access Control (BAC)
aThemes Starter Sites	Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Attachment File Icons	Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Auto Featured Image (Auto Post Thumbnail)	Broken Access Control (BAC)
Backup and Staging by WP Time Capsule	Authentication Bypass and Privilege Escalation (BAC)
Bakes And Cakes Theme	Broken Access Control (BAC) on Notice Dismissal
Bit Form – Contact Form Plugin	Arbitrary File Upload (BAC)
BookingPress	Arbitrary File Read to Arbitrary File Creation (BAC)
BookingPress	Missing Authorization (BAC) to Arbitrary Options Update (BAC) and Arbitrary File Upload (BAC)
Booking Ultra Pro	Missing Authorization (BAC) to Plugin Settings Updates (BAC)
BookYourTravel Theme	Privilege Escalation (BAC)
Branda	Unauthenticated Full Path Disclosure (BAC)
Brizy – Page Builder	Arbitrary File Upload (BAC)
Brizy – Page Builder	Missing Authorization (BAC) to Post Modification (BAC)
Business Card	File Upload (BAC)
Business One Page Theme	Broken Access Control (BAC) on Notice Dismissal
Campaign Monitor for WordPress	Unauthenticated Full Path Disclosure (BAC)
Chained Quiz	Broken Access Control (BAC)
Charitable	Broken Access Control (BAC)
Church Admin	Arbitrary File Upload (BAC)
CM On Demand Search And Replace	Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF)
Comment Images Reloaded	Arbitrary Media Deletion (BAC)
Community Events	Event Deletion (BAC) via Cross-Site Request Forgery (CSRF)
Conditional Fields for Contact Form	Cross-Site Request Forgery (CSRF) to Plugin Setting Reset (BAC)
Cost Calculator Builder	Missing Authorization (BAC) to Arbitrary Content Creation (BAC)
CRM Perks Forms	Broken Access Control (BAC)
CTX Feed	Arbitrary Options Update (BAC)
Custom Query Blocks	Broken Access Control (BAC)
Default Thumbnail Plus	Arbitrary File Upload (BAC)
Duplica	Missing Authorization (BAC) to Users/Posts Duplicates Creation (BAC)
Duplicator	Full Path Disclosure (BAC)
EazyDocs	Broken Access Control (BAC)
EleForms	Broken Access Control (BAC)
Email Subscribers & Newsletters	Missing Authorization (BAC)
EmbedPress	Broken Access Control (BAC)
Eventin	Missing Authorization (BAC) to Event Data Import
EventON	Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC)
Featured Image from URL	Broken Access Control (BAC)
Featured Image Generator	Missing Authorization (BAC) to Images Upload (BAC)
File Manager Advanced Shortcode	Arbitrary File Upload (BAC)
Funnel Builder for WordPress by FunnelKit	Cross-Site Scripting (XSS) via SVG Upload (BAC)
Funnel Builder for WordPress by FunnelKit	Missing Authorization (BAC) to Settings Update (BAC)
Generate PDF using Contact Form	Cross-Site Request Forgery (CSRF) to Arbitrary File Deletion (BAC)
Generate PDF using Contact Form	Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Get Better Reviews for WooCommerce	Broken Access Control (BAC)
Glossary	Unauthenticated Full Path Disclosure (BAC)
Gravity Forms: Multiple Form Instances	Unauthenticated Full Path Disclosure (BAC)
Hide My WP Ghost	Hidden Login Page Disclosure (BAC)
IgnitionDeck	Missing Authorization (BAC)
IMGspider	Arbitrary File Upload (BAC)
Import Spreadsheets from Microsoft Excel	Arbitrary File Upload (BAC)
Insert or Embed Articulate Content into WordPress	Arbitrary File Upload (BAC)
Intelligence	Unauthenticated Full Path Disclosure (BAC)
iPanorama 3 WordPress Virtual Tour Builder	Broken Access Control (BAC)
IQ Testimonials	Unauthenticated Arbitrary File Upload (BAC)
JetThemeCore	Arbitrary File Deletion (BAC)
Jobmonster Theme	Unauthenticated Arbitrary File Deletion (BAC)
Jobmonster Theme	Unauthenticated Privilege Escalation (BAC)
JSON API User	Unauthenticated Privilege Escalation (BAC)
Just Custom Fields	Missing Authorization (BAC) via AJAX actions
Keydatas	Unauthenticated Arbitrary File Upload (BAC)
Language Translate Widget for WordPress – ConveyThis	Nonarbitrary Options Update (BAC)
Laposta	Unauthenticated Full Path Disclosure (BAC)
LearnDash LMS – Reports	Missing Authorization (BAC) to Plugin Settings Update (BAC)
LearnPress	Missing Authorization (BAC) to Unauthenticated User Registration Bypass
Light Poll	Poll Answers Deletion (BAC) via Cross-Site Request Forgery (CSRF)
MasterStudy LMS	Privilege Escalation (BAC) to Instructor
MaxiBlocks	Arbitrary File Deletion (BAC)
Media Hygiene	Missing Authorization (BAC) to Arbitrary Attachment Deletion (BAC)
Media.net Ads Manager	Missing Authorization (BAC) to Arbitrary File Upload (BAC)
Meks Video Importer	Broken Access Control (BAC)
Metro Magazine Theme	Broken Access Control (BAC) on Notice Dismissal
Modern Events Calendar	Arbitrary File Upload (BAC)
Modern Events Calendar Lite	Arbitrary File Upload (BAC)
Motors – Car Dealer & Classified Ads	Missing Authorization (BAC)
Newsmatic Theme	Broken Access Control (BAC)
Newspack Content Converter	Broken Access Control (BAC)
Newspack Newsletters	Broken Access Control (BAC)
Noptin	Broken Access Control (BAC)
One Click Close Comments	Unauthenticated Full Path Disclosure (BAC)
One Click Order ReOrder	Missing Authorization (BAC) to Cross-Site Scripting (XSS)
Optimize images ALT Text (alt tag) & names for SEO using AI	Unauthenticated Full Path Disclosure (BAC)
Packlink PRO shipping module	Broken Access Control (BAC)
Pardakht Delkhah	Form Fields Reset (BAC) via Cross-Site Request Forgery (CSRF)
Payflex Payment Gateway	Missing Authorization (BAC) to Order Status Update
Pie Register	Missing Authorization (BAC) to Arbitrary Plugin Installation and Activation/Deactivation
Plum: Spin Wheel & Email Popup	Broken Access Control (BAC)
Plum: Spin Wheel & Email Popup	Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS)
PowerPack for Beaver Builder	Privilege Escalation (BAC)
PowerPack Pro for Elementor	Privilege Escalation (BAC)
Pricing Table	Missing Authorization (BAC)
Product Delivery Date for WooCommerce – Lite	Broken Access Control (BAC)
Product Designer	Arbitrary Content Deletion (BAC)
Product Designer	Missing Authorization (BAC) to Unauthenticated Arbitrary Attachment Deletion (BAC)
Profile Builder	Unauthenticated Media Upload (BAC)
ProfileGrid	Broken Access Control (BAC)
ProfileGrid	Privilege Escalation (BAC)
Quotes And Tips	Arbitrary File Upload (BAC)
Realtyna Organic IDX plugin	Arbitrary File Upload (BAC)
ReDi Restaurant Reservation	Broken Access Control (BAC)
Redux Framework	Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS)
Responsive Image Gallery, Gallery Album	Broken Access Control (BAC)
SchedulePress	Unauthenticated Full Path Disclosure (BAC)
ScrollTo Bottom	Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
ScrollTo Top	Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Seraphinite Accelerator (Full, premium)	Cross-Site Request Forgery (CSRF) Leading to Arbitrary File Deletion (BAC)
Seraphinite Post .DOCX Source	Broken Access Control (BAC)
Simple Photoswipe	Arbitrary Settings Update (BAC)
Sirv	Missing Authorization (BAC) to Plugin Settings Update (BAC)
SiteGround Security	Broken Access Control (BAC)
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer	Unauthenticated Full Path Disclosure (BAC)
Social Auto Poster	Arbitrary File Upload (BAC)
Social Auto Poster	Missing Authorization (BAC) to Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template
Social Auto Poster	Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
Social Auto Poster	Missing Authorization (BAC) via Multiple Functions
Spectra	Broken Access Control (BAC)
SULly	Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF)
Support SVG	Cross-Site Scripting (XSS) via SVG Upload (BAC)
SVG Block	Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Tainacan	Missing Authorization (BAC) to Arbitrary File Read
The Post Grid	Broken Access Control (BAC)
Titan Antispam & Security	Broken Access Control (BAC)
Tutor LMS – Migration Tool	Missing Authorization (BAC) in tutor_lp_export_xml and tutor_import_from_xml
Ultimate Addons for Elementor	Privilege Escalation (BAC)
Ultimate Auction	Missing Authorization (BAC) to Unauthenticated Email Creation (BAC)
User Activity Log Pro	Multiple Broken Access Control (BAC)
Web and WooCommerce Addons for WPBakery Builder	Missing Authorization (BAC) to Plugin Settings Modification (BAC)
Wholesale Suite	Broken Access Control (BAC)
Woffice Core	Unauthenticated Broken Access Control (BAC)
Woocommerce OpenPos	Unauthenticated Arbitrary File Deletion (BAC)
WooCommerce Product Table Lite	Missing Authorization (BAC) to Cross-Site Scripting (XSS)
WordPress Cliengo Chatbot plugin	Missing Authorization (BAC) to Authorized Chatbot Settings Update (BAC)
WordPress Cliengo Chatbot plugin	Missing Authorization (BAC) to Unauthenticated Chatbot Settings Update (BAC)
WordPress Form Builder Plugin – Gutenberg Forms	Unauthenticated Arbitrary File Upload (BAC)
WordPress Happy SCSS Compiler Compile SCSS to CSS automatically plugin	Missing Authorization (BAC) to Cross-Site Scripting (XSS)
WP Accessibility Helper (WAH)	Broken Access Control (BAC)
WP Ajax Contact Form	Arbitrary Email Deletion (BAC) via Cross-Site Request Forgery (CSRF)
WP EasyPay	Missing Authorization (BAC) to Unauthenticated Service Disconnection
WP eMember	Arbitrary File Upload (BAC)
WP eStore	Coupon Deletion (BAC) via Cross-Site Request Forgery (CSRF)
WP Fast Total Search	Broken Access Control (BAC)
WPForms User Registration	Privilege Escalation (BAC)
WP GoToWebinar	Broken Access Control (BAC)
WP Links Page	Missing Authorization (BAC) to Limited Image Update
WP Meteor Page Speed Optimization Topping	Unauthenticated Full Path Disclosure (BAC)
WP Mobile Menu	Missing Authorization (BAC) to _mobmenu_icon Post Meta Modification (BAC)
WP Popups	Unauthenticated Full Path Disclosure (BAC)
WP QuickLaTeX	Cross-Site Scripting (XSS) in Background Color field
WP RSS Aggregator	Missing Authorization (BAC) to Feed State Update
WPS Hide Login	Hidden Login Page Disclosure (BAC)
WP User Switch	Privilege Escalation (BAC)
XCloner Backup, Restore and Migrate	Unauthenticated Full Path Disclosure (BAC)
XPlainer WooCommerce Product FAQ	Missing Authorization (BAC) to Cross-Site Scripting (XSS)
XPlainer WooCommerce Product FAQ	Missing Authorization (BAC) to Settings Update (BAC)
YITH Essential Kit for WooCommerce #1	Missing Authorization (BAC) to Limited Plugin Install, Activation, and Deactivation
Youzify	Broken Access Control (BAC)
Zephyr Project Manager	Privilege Escalation (BAC)

WP BAC & WordPress Broken Access Control reported in 2023:	931
WP BAC & WordPress Broken Access Control reported in 2024:	1063

WHO needs managed WP Maintenance? EVERYBODY!

Today's reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order your WP BAC AUG 2024: WP Broken Access Control Patch Management.

START HERE

Security is not a single-task job

Need managed WP security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.

BUY NOW

MANAGED WP/Woo SECURITY: WP Broken Access Control – WP Broken Access Control Related Posts

WP BAC OCT 2024: 97 Brutal WP Broken Access Control

WP BAC OCT 2024: WP Broken Access Control Managed WP/Woo Security Report Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC OCT 2024 is a -45% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative…

WP BAC SEP 2024: 176 Brutal WP Broken Access Control

WP BAC SEP 2024: WP Broken Access Control Managed WP/Woo Security Report Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC SEP 2024 is a +2% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative…

WP BAC JUL 2024: 163 Brutal WP Broken Access Control

WP BAC JUL 2024: WP Broken Access Control Managed WP/Woo Security Report Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC JUL 2024 is a +44% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative…

WP BAC JUN 2024: 113 Brutal WP Broken Access Control

WP BAC JUN 2024: WP Broken Access Control Managed WP/Woo Security Report Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC JUN 2024 is a -58% DECREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative…

Table of Contents