Broken Access Control JUN 2023 Vulnerabilities
Tailored WordPress Security Report
Be informed about the latest Broken Access Control JUN 2023, identified and reported publicly. It is a +31% INCREASE compared to previous month, as specifically targeted Broken Access Control. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security. The following cases made headlines PUBLICLY just last month in the Broken Access Control JUN 2023 category:
Hire security geeks to protect your WP/Woo from publicly reported cases of Broken Access Control JUN 2023 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
| Appzend Theme | Broken Access Control (BAC) |
| Bit Form – Contact Form Plugin | Remote Code Execution (RCE) via Unauthenticated Arbitrary File Upload (BAC) |
| Booking Ultra Pro | Broken Access Control (BAC) |
| Bookly | Arbitrary File Deletion (BAC) |
| BP Social Connect | Authentication Bypass (BAC) |
| BuzzStore Theme | Broken Access Control (BAC) |
| Community by PeepSo | Server Information Disclosure (BAC) |
| Craft Blog Theme | Broken Access Control (BAC) |
| Download Monitor | Sensitive Data Exposure (BAC) |
| E-Commerce Predictive Search | Missing Authorisation (BAC) |
| Easing Slider | Plugin Settings Reset (BAC) |
| Easy Captcha | Broken Access Control (BAC) |
| Easy Digital Downloads | Unauthenticated Privilege Escalation (BAC) |
| Editorialmag Theme | Arbitrary Plugin Activation (BAC) |
| Elementor Website Builder | Broken Access Control (BAC) |
| Elementor Website Builder | Missing Authorisation (BAC) to Settings Update |
| Essential Addons for Elementor | Unauthenticated Privilege Escalation (BAC) |
| Fitness Park Theme | Broken Access Control (BAC) |
| Groundhogg | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Groundhogg | Multiple Missing Authorisation (BAC) |
| GS Pins for Pinterest | Broken Access Control (BAC) |
| HashOne Theme | Broken Access Control (BAC) |
| Hide My WP Ghost | IP Address Spoofing to Protection Mechanism Bypass (BAC) |
| Injection Guard | Broken Access Control (BAC) |
| Jetpack | Arbitrary File Overwrite (BAC) |
| Kathmag Theme | Broken Access Control (BAC) |
| Kingcabs Theme | Broken Access Control (BAC) |
| Leyka | Privilege Escalation (BAC) |
| Link Whisper Free | Unauthenticated Broken Access Control (BAC) |
| Manager for Icomoon | Arbitrary File Upload (BAC) |
| Medical Heed Theme | Broken Access Control (BAC) |
| Metform Elementor Contact Form Builder | Missing Authorisation (BAC) |
| MetroStore Theme | Broken Access Control (BAC) |
| MStore API | Authentication Bypass (BAC) |
| MStore API | Authentication Bypass (BAC) |
| OAuth Single Sign On – SSO (OAuth Client) | Broken Authentication (BAC) |
| Online eStore Theme | Broken Access Control (BAC) |
| OTP Login Woocommerce & Gravity Forms | Authentication Bypass (BAC) to Privilege Escalation (BAC) |
| Points and Rewards for WooCommerce | Broken Access Control (BAC) |
| Points and Rewards for WooCommerce | Settings Change (BAC) |
| Portfolio Gallery – Responsive Image Gallery | Broken Access Control (BAC) |
| Predictive Search | Missing Authorisation (BAC) |
| reCAPTCHA for all | Broken Access Control (BAC) |
| RegistrationMagic | Authentication Bypass (BAC) |
| SALERT | Broken Access Control (BAC) |
| Simple Page Ordering | Broken Access Control (BAC) |
| SKU Label Changer For WooCommerce | Broken Access Control (BAC) |
| Soundcloud Is Gold | Broken Access Control (BAC) |
| SparkleStore Theme | Broken Access Control (BAC) |
| SpiderMag Theme | Broken Access Control (BAC) |
| TheGem Theme | Broken Access Control (BAC) |
| TheGem Theme | Broken Access Control (BAC) |
| TK Google Fonts GDPR Compliant | Authorisation Bypass (BAC) |
| Tutor LMS | Multiple Broken Access Control (BAC) |
| Viral News Theme | Broken Access Control (BAC) |
| Viral Theme | Broken Access Control (BAC) |
| WCP Contact Form | Broken Access Control (BAC) |
| WCP Contact Form | Broken Access Control (BAC) |
| Woo Custom Emails | Broken Access Control (BAC) |
| WooCommerce Follow-Up Emails | Arbitrary File Upload (BAC) |
| WooCommerce Predictive Search | Broken Access Control (BAC) |
| Woodmart Theme Core Plugin | Privilege Escalation (BAC) |
| WoodMart Theme | Broken Access Control (BAC) |
| WordPress 6.2 Core | Insufficient Sanitization of Block Attributes (BAC) |
| WordPress Announcement & Notification Banner Plugin – Bulletin | Missing Authorisation (BAC) Checks |
| WordPress Backup & Migration | Broken Access Control (BAC) |
| WP Directory Kit | Multiple Missing Authorisation (BAC) |
| WP Job Portal | Unauthenticated Plugin Settings Change (BAC) |
| WP-Chatbot for Messenger | Broken Access Control (BAC) |
| WPCS | Multiple Missing Authorisation (BAC) |
| WS Form LITE | CAPTCHA Bypass (BAC) |
| WordPress Broken Access Control reported in 2023 so far | 281 |
Stay Healthy! A healthier online business starts today and it begins with your WP/Woo. Hire security experts to solve all your Broken Access Control JUN 2023 issues.
BRIEF: Broken Access Control JUN 2023 are critical security vulnerabilities in which attackers can perform any action (access, modify, delete) outside of WordPress or WooCommerce intended default user permissions (subscriber, customer, etc).
What is Broken Access Control?
A security threat, where intruders are able to gain access to unauthorized data. Broken access control is a failure on the OWN security to carry out and maintain pre-established user access policies. Bypassing intended permissions, intruders become able to reach sensitive information, modify and outright delete or download data, or perform business functions that you wouldn’t want them to perform. Like ordering a single product, paying and after confirmation tampering the saved cart ordered item numbers.
Broken access control vulnerabilities can have far-reaching consequences. Privileged data could be exposed, malware could be loaded to further attacks and destruction. Beyond the initial breach, companies face litigation, damage control, loss of market share and reputation, repair of compromised systems, and delays in deploying live improvements. With exploits and attacks more prevalent than ever, ensuring your system’s security is more important than ever.
What is Insecure Direct Object Reference (IDOR)?
Insecure direct object references (IDOR) are a type of access control vulnerability that arises when an application uses user-supplied input to access objects directly. It leads to access controls being circumvented. IDOR vulnerabilities are most commonly associated with reaching resources from database entries belonging to other users, files in the system, and more. This is caused by the fact that the application takes user supplied input and uses it to retrieve an object without performing sufficient authorization checks.
What is Missing Authorization?
Assuming a user with a given identity, authorization is the process of determining whether that user can access a given resource, based on the user’s privileges and any permissions or other access-control specifications that apply to the resource. When access control checks are not applied, users are able to access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including sensitive and private information exposures, remote or arbitrary code execution.
What is Directory or Path Traversal?
Directory traversal (or file path traversal) is a security vulnerability that allows an attacker to read specific files on the server that is running inside your WordPress or WooCommerce. This might include plugin or theme code and data, credentials for back-end systems, 3rd party integrations, hosting environment details, or sensitive operating system files. In some cases, an attacker might be able to write into these files on the server, allowing them to modify application data or behavior, and ultimately taking full control of the infrastructure.
SOLVE TODAY any reported Broken Access Control JUN 2023 vulnerability! Do you suspect any Broken Access Control JUN 2023 in your WordPress / WooCommerce?
