WP BAC MAY 2025: WP Broken Access Control
Managed WP/Woo Security Report
Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC MAY 2025 is a +99% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, โ OR โ switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.
The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:
| 1-Click Backup & Restore Database | Broken Access Control (BAC) |
| 6Storage Rentals | Broken Access Control (BAC) |
| Accessibility Suite | Arbitrary File Upload (BAC) |
| ACME Divi Modules | Broken Access Control (BAC) |
| ActiveDEMAND | Broken Access Control (BAC) |
| Add Product Frontend for WooCommerce | Arbitrary Content Deletion (BAC) |
| AdMail โ Multilingual Back in-Stock Notifier for WooCommerce | Broken Access Control (BAC) |
| Admin and Site Enhancements (ASE) | Password Protection Bypass (BAC) |
| Administrator Z | Privilege Escalation (BAC) |
| Administrator Z | Directory Traversal (BAC) |
| Advanced Accordion Gutenberg Block | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Advanced Dynamic Pricing for WooCommerce | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Advanced Google Maps | Broken Access Control (BAC) |
| Advanced Linked Variations for Woocommerce | Broken Access Control (BAC) |
| Aeropage Sync for Airtable | Arbitrary File Upload (BAC) |
| Aeropage Sync for Airtable | Missing Authorization (BAC) to Arbitrary Post Deletion |
| Age Gate | Broken Access Control (BAC) |
| Agency Toolkit | Broken Access Control (BAC) |
| AI Content Pipelines | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| AI Hub Theme | Arbitrary File Upload (BAC) |
| Ai Image Alt Text Generator for WP | Broken Access Control (BAC) |
| AI Text to Speech | Broken Access Control (BAC) |
| AnalyticsWP | Broken Access Control (BAC) |
| Anant Addons for Elementor | Cross-Site Request Forgery (CSRF) and Arbitrary Plugin Installation (BAC) |
| Anps Theme | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| AnyTrack Affiliate Link Manager | Broken Access Control (BAC) |
| Apimo Connector | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Append Content | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Appointify | Arbitrary File Upload (BAC) |
| Appointment Booking Calendar | Broken Access Control (BAC) |
| Appointy Appointment Scheduler | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Apptivo Business Site CRM | Arbitrary Content Deletion (BAC) |
| Asgaros Forum | File Upload (BAC) Numbers Bypass (BAC) |
| Astra Security Suite | Broken Access Control (BAC) |
| AtomChat | Broken Access Control (BAC) |
| Auto Post After Image Upload | Broken Access Control (BAC) |
| Automatic Featured Images from Videos | Broken Access Control (BAC) |
| Avatar | Arbitrary File Deletion (BAC) |
| azurecurve Shortcodes in Comments | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Barcode Generator for WooCommerce | Arbitrary Content Deletion (BAC) |
| Barcode Generator for WooCommerce | Arbitrary Content Deletion (BAC) |
| Barcode Generator for WooCommerce | Settings Change (BAC) |
| Basic Interactive World Map | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| BERTHA AI | Arbitrary Content Deletion (BAC) |
| Bit Form โ Contact Form Plugin | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Bloggie Theme | Arbitrary File Upload (BAC) |
| BM Content Builder | Missing Authorization (BAC) to Arbitrary Options Update (BAC) |
| Booking and Rental Manager | Broken Access Control (BAC) |
| Booking and Rental Manager | Broken Access Control (BAC) |
| Booking Calendar and Notification | Broken Authentication (BAC) |
| Bookingor | Broken Access Control (BAC) |
| Booster for WooCommerce | Unauthenticated Arbitrary File Upload (BAC) |
| Breaking News WP | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Bring Fraktguiden for WooCommerce | Broken Access Control (BAC) |
| Brizy Pro | Broken Access Control (BAC) |
| Broadstreet | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Buddypress Force Password Change | Account Takeover (BAC) from Password Update (BAC) |
| Buddypress Humanity | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| Bulk Theme | Broken Access Control (BAC) |
| Bulk Theme Assign Linked Products For WooCommerce | Broken Access Control (BAC) |
| Bulk Theme Fields Editor | Broken Access Control (BAC) |
| Car Park Booking System for WordPress | Broken Access Control (BAC) |
| CartBoss | Broken Access Control (BAC) |
| Category Icon | Arbitrary File Download (BAC) |
| Celestial Aura Theme | Arbitrary File Upload (BAC) |
| CF7 Spreadsheets | Settings Change (BAC) |
| Chat by Chatwee | Broken Access Control (BAC) |
| Checkout Mestres WP | Privilege Escalation (BAC) |
| Clients | Broken Access Control (BAC) |
| Cloak Front End Email | Broken Access Control (BAC) |
| Clockinator Lite | Broken Access Control (BAC) |
| CM Registration and Invitation Codes | Broken Access Control (BAC) |
| Configurator Theme Core | Privilege Escalation (BAC) |
| Connector to CiviCRM with CiviMcRestFace | Broken Access Control (BAC) |
| ContentMX Content Publisher | Broken Access Control (BAC) |
| Course Booking System | Broken Access Control (BAC) |
| Crossword Compiler Puzzles | Arbitrary File Upload (BAC) |
| Cryptocurrency Widgets Pack | Broken Access Control (BAC) |
| Cue | Broken Access Control (BAC) |
| Custom Login and Registration | Broken Access Control (BAC) |
| Customify Theme | Broken Access Control (BAC) |
| Customize Login Page | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Dashi | Broken Access Control (BAC) |
| Database Toolset | Arbitrary File Deletion (BAC) |
| Demo Awesome | Missing Authorization (BAC) to Plugin Activation |
| DethemeKit For Elementor | Broken Access Control (BAC) |
| Display product variations dropdown on shop page | Broken Access Control (BAC) |
| Docxpresso | Arbitrary File Download (BAC) |
| Doppler Forms | Broken Access Control (BAC) |
| Download Alt Text AI | Broken Access Control (BAC) |
| Download Manager | Arbitrary File Deletion (BAC) |
| Download Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Dynamic Post | Settings Change (BAC) |
| Easy WP Optimizer | Broken Access Control (BAC) |
| Easy!Appointments | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| eaSYNC | Broken Access Control (BAC) |
| Eazy Plugin Manager | Broken Access Control (BAC) |
| EazyDocs | Broken Access Control (BAC) |
| Eduma Theme | Broken Access Control (BAC) |
| ELEX WooCommerce Request a Quote | Broken Access Control (BAC) |
| Elfsight Testimonials Slider | Broken Access Control (BAC) |
| Elfsight Testimonials Slider | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Email Notifications for Updates | Privilege Escalation (BAC) |
| Embedder | Arbitrary Options Update (BAC) |
| Essential Breadcrumbs | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| Everest Forms | Arbitrary Shortcode Execution (BAC) |
| Eximius Theme | Arbitrary File Upload (BAC) |
| Export All Post Meta | Broken Access Control (BAC) |
| Flo Forms | Broken Access Control (BAC) |
| Flynax Bridge | Unauthenticated Privilege Escalation (BAC) from Account Takeover (BAC) |
| Flynax Bridge | Unauthenticated Privilege Escalation (BAC) from Password Update (BAC) |
| Fonto | Arbitrary File Download (BAC) |
| Form Builder | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| FPW Category Thumbnails | Broken Access Control (BAC) |
| Free Woocommerce Product Table View | Arbitrary Content Deletion (BAC) |
| Free Woocommerce Product Table View | Broken Access Control (BAC) |
| Front End Users | Unauthenticated Arbitrary File Upload (BAC) |
| Frontend Login and Registration Blocks | Privilege Escalation (BAC) from Password Reset |
| FS Poster | Site Wide Broken Access Control (BAC) |
| GB Gallery Slideshow | Broken Access Control (BAC) |
| GDPR Cookie Notice | Broken Access Control (BAC) |
| GetBookingsWP | Broken Access Control (BAC) |
| Gift Cards for WooCommerce | Broken Access Control (BAC) |
| Google SEO Pressor Snippet | Broken Access Control (BAC) |
| Grand Restaurant WordPress Theme | Broken Access Control (BAC) |
| Grand Restaurant WordPress Theme | Path Traversal (BAC) to PHP Object Injection |
| Greenshift | Arbitrary File Upload (BAC) |
| Hive Support | Broken Access Control (BAC) |
| Hive Support | Broken Access Control (BAC) |
| Hospital Management System | Arbitrary File Upload (BAC) |
| Hotel + Bed and Breakfast Booking Calendar Theme | Bellevue | Broken Access Control (BAC) |
| Houzez Property Feed | Arbitrary File Download (BAC) |
| I Draw | Arbitrary File Upload (BAC) |
| Include URL | Arbitrary File Download (BAC) |
| include-file | Arbitrary File Download (BAC) |
| Industrial Lite Theme | Broken Access Control (BAC) |
| Insert Headers And Footers | Cross-Site Request Forgery (CSRF) and Arbitrary Options Update (BAC) |
| Insert Headers and Footers Code โ HT Script | Missing Authorization (BAC) to Limited Options Update (BAC) |
| Insert or Embed Articulate Content into WordPress | Arbitrary File Upload (BAC) |
| Integraรงรฃo entre Eduzz e Woocommerce | Missing Authorization (BAC) to Privilege Escalation (BAC) |
| Internal Link Optimiser | Settings Change (BAC) |
| JetBlocks For Elementor | Broken Access Control (BAC) |
| JetBlog | Broken Access Control (BAC) |
| JetBlog | Broken Access Control (BAC) |
| JetElements For Elementor | Broken Access Control (BAC) |
| JetMenu | Broken Access Control (BAC) |
| JetMenu | Broken Access Control (BAC) |
| JetPopup | Broken Access Control (BAC) |
| JetPopup | Broken Access Control (BAC) |
| JetTricks | Broken Access Control (BAC) |
| JetTricks | Broken Access Control (BAC) |
| JetWooBuilder | Broken Access Control (BAC) |
| JNews Theme | Broken Access Control (BAC) |
| Job Board Manager | Broken Access Control (BAC) |
| JobBoard Job listing | Broken Access Control (BAC) |
| JobSearch | Authentication Bypass (BAC) from Social Logins |
| JS Job Manager | Arbitrary File Upload (BAC) |
| JS Job Manager | Broken Access Control (BAC) |
| Kadence WooCommerce Email Designer | Arbitrary File Upload (BAC) |
| Kleo Theme | Broken Access Control (BAC) |
| Lafka Plugin | Missing Authorization (BAC) to Theme Option Update |
| Lana Downloads Manager | Arbitrary File Download (BAC) from Path Traversal (BAC) |
| Linet ERP-Woocommerce Integration | Arbitrary File Read (BAC)/Deletion |
| Live Forms | Broken Access Control (BAC) |
| Live Forms | Broken Access Control (BAC) |
| Local Magic | Broken Access Control (BAC) |
| Lottie Player block - Implement Lottie animations. | Cross-Site Scripting (XSS) from File Upload (BAC) |
| MapSVG Lite | Arbitrary File Upload (BAC) |
| MapSVG Lite | Broken Access Control (BAC) |
| Master Slider | Broken Access Control (BAC) |
| MasterStudy LMS | Broken Access Control (BAC) |
| Mayosis Core | Unauthenticated Arbitrary File Read (BAC) |
| mb.YTPlayer | Broken Access Control (BAC) |
| Media Library Downloader | Broken Access Control (BAC) |
| Memberpress | Unauthenticated Content Restriction Bypass (BAC) to Private Information Exposure |
| Minimalistic Event Manager | Broken Access Control (BAC) |
| Mobile App Canvas | Broken Access Control (BAC) |
| Motors | Missing Authorization (BAC) to Arbitrary Plugin Installation (BAC) |
| Motors | Missing Authorization (BAC) to Wizard Set-up |
| MP3 Audio Player for Music, Radio & Podcast by Sonaar | Broken Access Control (BAC) |
| My Tickets | Privilege Escalation (BAC) |
| MyBookProgress by Stormhill Media | Broken Access Control (BAC) |
| Name Directory | Broken Access Control (BAC) |
| NanoSupport | Broken Access Control (BAC) |
| Ni WooCommerce Cost Of Goods | Broken Access Control (BAC) |
| Ni WooCommerce Product Enquiry | Broken Access Control (BAC) |
| Nomupay Payment Processing Gateway | Arbitrary File Download (BAC) |
| Ocean Extra | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Official CleverReach Plugin for WooCommerce | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| OpenAI Tools for WordPress & WooCommerce | Broken Access Control (BAC) |
| ORDER POST | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Oxygen MyData for WooCommerce | Arbitrary File Deletion (BAC) |
| Paid Videochat Turnkey Site | Broken Authentication (BAC) |
| Payday | Broken Access Control (BAC) |
| pCloud Backup | Broken Access Control (BAC) |
| Pearl | Broken Access Control (BAC) |
| Photobox Theme | Arbitrary File Upload (BAC) |
| Pin Generator | Broken Access Control (BAC) |
| Piotnet Forms | Path Traversal (BAC) |
| Plugin Central | Cross-Site Request Forgery (CSRF) and Arbitrary File Deletion (BAC) |
| PostmarkApp Email Integrator | Broken Access Control (BAC) |
| PowerPress Podcasting | Arbitrary File Upload (BAC) |
| Print Science Designer | Arbitrary File Download (BAC) |
| Printus | Broken Access Control (BAC) |
| Privyr CRM Integration | Broken Access Control (BAC) |
| Processing Projects | Arbitrary File Upload (BAC) |
| Publitio | Broken Access Control (BAC) |
| Publitio | Broken Access Control (BAC) |
| Publitio | Arbitrary File Read (BAC) |
| QR Code Tag for WC | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Quentn WP | Privilege Escalation (BAC) |
| Question Answer | Broken Access Control (BAC) |
| Rankology SEO โ On-site SEO | Privilege Escalation (BAC) |
| Real Estate 7 Theme | Privilege Escalation (BAC) |
| Real Estate 7 Theme | (Seller) Arbitrary File Upload (BAC) |
| Reales WP Theme | Missing Authorization (BAC) to Unauthenticated Attachment Deletion and Favorite Property Updates |
| RepairBuddy | Broken Access Control (BAC) |
| Residential Address Detection | Broken Access Control (BAC) |
| RestroPress | Broken Access Control (BAC) |
| Review Manager | Broken Access Control (BAC) |
| Revive.so โ Bulk Theme Rewrite and Republish Blog Posts | Broken Access Control (BAC) |
| Rezo Theme | Arbitrary File Upload (BAC) |
| Rich Table of Contents | Broken Access Control (BAC) |
| Rich Text Editor | Broken Access Control (BAC) |
| Safe Ai Malware Protection for WP | Broken Access Control (BAC) |
| Salesmate Add-On for Gravity Forms | Broken Access Control (BAC) |
| Salon booking system | Broken Access Control (BAC) |
| Salon booking system | Privilege Escalation (BAC) |
| Sandwich Adsense | Broken Access Control (BAC) |
| SecuPress Free | Missing Authorization (BAC) to Arbitrary Plugin Installation (BAC) |
| SEO Help | Broken Access Control (BAC) |
| Seo Meta Tags | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| Service Finder Booking | Unauthenticated Privilege Escalation (BAC) from 'nsl_registration_store_extra_input' |
| Ship Per Product | Broken Access Control (BAC) |
| ShipDepot for WooCommerce | Broken Access Control (BAC) |
| Shiptimize for WooCommerce | Settings Change (BAC) |
| Shopify to WooCommerce Migration | Settings Change (BAC) |
| Shopper Approved Reviews | Missing Authorization (BAC) to Arbitrary Options Update (BAC) |
| ShortPixel Adaptive Images | Broken Authentication (BAC) |
| Simple Icons | Broken Access Control (BAC) |
| Simple Sitemap โ Create a Responsive HTML Sitemap | Broken Access Control (BAC) |
| Simple Sticky Add To Cart For WooCommerce | Broken Access Control (BAC) |
| Simple Website Logo | Broken Access Control (BAC) |
| Simple WP Events | Arbitrary File Deletion (BAC) |
| Simple:Press | Broken Access Control (BAC) |
| Sirat Theme | Broken Access Control (BAC) |
| Site Notify | Broken Access Control (BAC) |
| Slazzer Background Changer | Broken Access Control (BAC) |
| Sliced Invoices | Broken Access Control (BAC) |
| Slide Theme | Arbitrary File Upload (BAC) |
| Slider Path for Elementor | Broken Access Control (BAC) |
| Small Package Quotes โ Worldwide Express Edition | Broken Access Control (BAC) |
| Smart Hashtags [#hashtagger] | Broken Access Control (BAC) |
| Smart Icons For WordPress | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Smart Product Review | Unauthenticated Arbitrary File Upload (BAC) |
| SMS Alert Order Notifications โ WooCommerce | Unauthenticated Account Takeover (BAC)/ Privilege Escalation (BAC) |
| Smush Image Compression and Optimization | Directory Traversal (BAC) |
| Social proof testimonials and reviews by Repuso | Broken Access Control (BAC) |
| Social Share Buttons & Analytics Plugin โ GetSocial.io | Broken Access Control (BAC) |
| Solace Extra | Arbitrary File Upload (BAC) |
| SP Blog Designer | Arbitrary Shortcode Execution (BAC) |
| Specia Companion | Broken Access Control (BAC) |
| Spice Blocks | Broken Access Control (BAC) |
| Spider Elements โ Addons for Elementor | Broken Access Control (BAC) |
| Squeeze | Arbitrary File Upload (BAC) |
| StaffList | Broken Access Control (BAC) |
| Starfish Review Generation & Marketing | Arbitrary Option Update to Privilege Escalation (BAC) |
| StaticPress | Broken Access Control (BAC) |
| StoreContrl Woocommerce | Arbitrary File Download (BAC) |
| Streamit Theme | Arbitrary File Download (BAC) |
| Streamit Theme | Arbitrary File Upload (BAC) |
| Streamit Theme | Privilege Escalation (BAC) from User Email Change/Account Takeover (BAC) |
| Style Manager | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| SureTriggers | Authorization Bypass (BAC) |
| Survey Maker | Bypass (BAC) |
| SurveyJS | Broken Access Control (BAC) |
| Swatchly โ WooCommerce Variation Swatches for Products | Missing Authorization (BAC) to Limited Options Update (BAC) |
| Swiss Toolkit For WP | Broken Access Control (BAC) |
| Swiss Toolkit For WP | Broken Access Control (BAC) |
| Sync Posts | Arbitrary File Upload (BAC) |
| TableOn โ WordPress Posts Table Filterable | Broken Access Control (BAC) |
| Target Video Easy Publish | Arbitrary Shortcode Execution (BAC) |
| TextMe SMS | Broken Access Control (BAC) |
| Theater for WordPress | Broken Access Control (BAC) |
| Themify Edmin Theme | Arbitrary File Upload (BAC) |
| Themify Folo Theme | Arbitrary File Upload (BAC) |
| Themify Newsy Theme | Arbitrary File Upload (BAC) |
| Themify Sidepane WordPress Theme | Arbitrary File Upload (BAC) |
| TuriTop Booking System | Broken Access Control (BAC) |
| Uncanny Automator | Missing Authorization (BAC) to Privilege Escalation (BAC) |
| Unlimited Timeline | Broken Access Control (BAC) |
| Unlimited Timeline | Broken Access Control (BAC) |
| UPC/EAN/GTIN Code Generator | Settings Change (BAC) |
| UrbanGo Membership | Unauthenticated Privilege Escalation (BAC) |
| User Registration | Authentication Bypass (BAC) |
| User Registration | Insecure Direct Object Reference to User Password Update (BAC) |
| User Registration & Membership Pro | Authentication Bypass (BAC) |
| Variable Inspector | Broken Access Control (BAC) |
| Vayu Blocks โ Gutenberg Blocks for WordPress & WooCommerce | Missing Authorization (BAC) to Unauthenticated Limited Arbitrary Options Update (BAC) |
| Vehica Core | Privilege Escalation (BAC) |
| Vikinger Theme | Privilege Escalation (BAC) from 'vikinger_user_meta_update_ajax' |
| Vitepos | Broken Authentication (BAC) |
| Vitepos | Broken Authentication (BAC) |
| WC Marketplace | Missing Authorization (BAC) to Unauthenticated Table Rates Deletion |
| WebinarPress | Broken Access Control (BAC) |
| Widget Manager Light | Broken Access Control (BAC) |
| Wigi Theme | Arbitrary File Upload (BAC) |
| Woffice Core | Arbitrary File Upload (BAC) |
| Woffice Theme | Authentication Bypass (BAC) from Registration Role |
| Woo Product Feed For Marketing Channels | Broken Access Control (BAC) |
| WooCommerce Loyal Customers | Broken Access Control (BAC) |
| WooCommerce Multilingual & Multicurrency | Broken Access Control (BAC) |
| WooCommerce Product Table Lite | Broken Access Control (BAC) |
| Woocommerce Products Reorder Drag Drop Multiple Sort โ Sortable, Rearrange Products Vagonic | Broken Access Control (BAC) |
| WordPress Adverts Plugin | Broken Access Control (BAC) |
| WordPress CLEVER - HTML5 Radio Player With History - Shoutcast and Icecast - Elementor Widget Addon plugin | Unauthenticated Arbitrary File Read (BAC) |
| WordPress Projectopia - Project Magement Plugin | Privilege Escalation (BAC) |
| WordPress REST API Authentication | Settings Change (BAC) |
| WordPress ZoomSounds - WordPress Wave Audio Player with Playlist plugin | Missing Authorization (BAC) to Limited Options Update (BAC) and Settings Manipulation |
| WowStore | Broken Access Control (BAC) |
| WP AutoKeyword | Arbitrary Content Deletion (BAC) |
| WP Clone any post type | Broken Access Control (BAC) |
| WP Customize Login Page | Broken Access Control (BAC) |
| WP Docs | Broken Access Control (BAC) |
| WP Editor | Directory Traversal (BAC) to Arbitrary File Read (BAC) |
| WP Editor | Directory Traversal (BAC) to Arbitrary File Update |
| WP Event Manager | Broken Access Control (BAC) |
| WP Genealogy โ Your Family History Website | Broken Access Control (BAC) |
| WP Logger | Broken Access Control (BAC) |
| WP Mobile Bottom Menu | Broken Access Control (BAC) |
| WP Project Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| WP Project Manager | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| WP RealEstate | Authentication Bypass (BAC) from 'process_register' |
| WP Remote Thumbnail | Arbitrary File Upload (BAC) |
| WP shop | Cross-Site Request Forgery (CSRF) and Arbitrary File Upload (BAC) |
| WP Simple Booking Calendar | Broken Access Control (BAC) |
| WP Simple HTML Sitemap | Broken Access Control (BAC) |
| WP Statistics | Missing Authorization (BAC) to Arbitrary Plugin Settings Update |
| WP Subscription Forms | Broken Access Control (BAC) |
| WP Tools | Cross-Site Request Forgery (CSRF) and Arbitrary File Deletion (BAC) |
| WP Ultimate CSV Importer | Arbitrary File Deletion (BAC) |
| WP Ultimate CSV Importer | Arbitrary File Upload (BAC) |
| WP User Profiles | Privilege Escalation (BAC) |
| WP Video Playlist | Settings Change (BAC) |
| WP Zendesk for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| WP-Advanced-Search | Arbitrary File Upload (BAC) |
| WP-BusinessDirectory | Arbitrary File Deletion (BAC) |
| WPAMS | Arbitrary File Upload (BAC) |
| WPAMS | Arbitrary File Upload (BAC) |
| WPAMS | Privilege Escalation (BAC) |
| WPAMS | Local File Inclusion (LFi) to Privilege Escalation (BAC) |
| WPBookit | Broken Access Control (BAC) |
| WPC Admin Columns | Privilege Escalation (BAC) from User Meta Update |
| WPC Smart Linked Products - Upsells & Cross-sells for WooCommerce | Privilege Escalation (BAC) |
| wpForo Forum | Privilege Escalation (BAC) |
| WPFront User Role Editor | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) from whitelist_options Function |
| WPJobBoard | Path Traversal (BAC) |
| WPMasterToolKit | Arbitrary File Read (BAC) and Write (BAC) |
| wProject Theme | Privilege Escalation (BAC) |
| WPSolr | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| WR Price List Manager For Woocommerce | Arbitrary Content Deletion (BAC) |
| WS Form LITE | Missing Authorization (BAC) to Unauthenticated Private Information Exposure |
| Xelion Webchat | Privilege Escalation (BAC) |
| Xpro Theme Builder | Broken Access Control (BAC) |
| YayExtra | Broken Access Control (BAC) |
| Z Companion | Cross-Site Scripting (XSS) from SVG File Upload (BAC) |
| Zephyr Project Manager | Broken Access Control (BAC) |
| Zoho Flow | Broken Access Control (BAC) |
| ZoomSounds | Unauthenticated Arbitrary File Download (BAC) |
| WP BAC & WordPress Broken Access Control reported in 2023: | 931 |
| WP BAC & WordPress Broken Access Control reported in 2024: | 2024 |
| WP BAC & WordPress Broken Access Control reported in 2025: | 1203 |
MANAGED WP/Woo SECURITY: WP Broken Access Control โ WP Broken Access Control Related Posts
WP BAC APR 2025: Brutal 185(!) WP Broken Access Control
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP BAC MAR 2025: Brutal 172 WP Broken Access Control
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP BAC FEB 2025: Brutal 258 WP Broken Access Control
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP BAC JAN 2025: Brutal 219 WP Broken Access Control
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
Table of Contents
- WP BAC MAY 2025: WP Broken Access Control
- Managed WP/Woo Security Report
- Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP BAC MAY 2025: WP Broken Access Control Patch Management.
- Today's reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order your WP BAC MAY 2025: WP Broken Access Control Patch Management.
- Get security LIVEPATCH
- Stay informed
- Need managed WP security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
- MANAGED WP/Woo SECURITY: WP Broken Access Control โ WP Broken Access Control Related Posts
- WP BAC APR 2025: Brutal 185(!) WP Broken Access Control
- WP BAC MAR 2025: Brutal 172 WP Broken Access Control
- WP BAC FEB 2025: Brutal 258 WP Broken Access Control
- WP BAC JAN 2025: Brutal 219 WP Broken Access Control
