Unauthenticated WP APR 2024
Tailored WP/Woo Security Report
Be informed about the latest Unauthenticated WP APR 2024 – WP Security Circumvention, identified and reported publicly. It is a +17% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your Unauthenticated WP APR 2024 Patch Management.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP APR 2024 category:
| AI Engine: ChatGPT Chatbot | Unauthenticated Cross-Site Scripting (XSS) |
| Anti-Malware Security and Brute-Force Firewall | Unauthenticated Predictable Nonce BruteForce Leading to Remote Code Execution (RCE) |
| ARMember | Unauthenticated PHP Object Injection |
| Automatic | Unauthenticated Arbitrary SQL Execution |
| Automatic | Unauthenticated Arbitrary File Download and SSRF |
| Avada Theme | Unauthenticated Sensitive Information Exposure via Form Upload (BAC) Directory Listing |
| Backup and Restore WordPress | Unauthenticated Private Data Exposure |
| BetterDocs | Unauthenticated PHP Object Injection |
| Bit Form – Contact Form Plugin | Unauthenticated Insecure Direct Object Reference to Form Submission Alteration |
| BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
| BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) |
| Calculated Fields Form | Unauthenticated Cross-Site Scripting (XSS) |
| Check & Log Email | Unauthenticated Hook Injection |
| Contact Forms by Cimatti | Unauthenticated Cross-Site Scripting (XSS) |
| Create by Mediavine | Unauthenticated SQL Injection (SQLi) via ‘id’ |
| CRM Perks Forms | Unauthenticated SQL Injection (SQLi) |
| Database for Contact Form 7 | Unauthenticated Cross-Site Scripting (XSS) |
| Enjoy Social Feed plugin for WordPress website | Unauthenticated Arbitrary Instagram Account Unlinking |
| EventPrime | Unauthenticated Cross-Site Scripting (XSS) |
| Everest Forms | Unauthenticated ServerSide Request Forgery via font_url |
| Extensions For CF7 | Unauthenticated Cross-Site Scripting (XSS) |
| Finale Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
| Giveaways and Contests by RafflePress | Unauthenticated Cross-Site Scripting (XSS) |
| HT Easy GA4 ( Google Analytics 4 ) | Missing Authorization (BAC) to Unauthenticated GA Email Update (BAC) |
| Malware Scanner | Unauthenticated Privilege Escalation |
| Network Summary | Unauthenticated SQL Injection (SQLi) |
| Newsmatic Theme | Unauthenticated Information Exposure via newsmatic_filter_posts_load_tab_content |
| NextMove Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
| Order Tip for WooCommerce | Missing Authorization (BAC) to Unauthenticated Data Export |
| Otter Blocks PRO | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| Pie Register | Unauthenticated Arbitrary File Upload (BAC) |
| Radio Player | Unauthenticated Broken Access Control |
| Seriously Simple Podcasting | Unauthenticated Administrator Email Private Information Disclosure |
| Simple Ajax Chat | Unauthenticated Cross-Site Scripting (XSS) |
| Simple Job Board | Unauthenticated PHP Object Injection via Job Application Fields |
| Simple Membership | Unauthenticated Cross-Site Scripting (XSS) |
| SportsPress – Sports Club & League Manager | Missing Authorization (BAC) to Unauthenticated Event Permalink Update (BAC) |
| Ultimate Gift Cards For WooCommerce | Missing Authorization (BAC) to Unauthenticated Information Exposure |
| Ultimate Member | Unauthenticated Cross-Site Scripting (XSS) |
| User Registration | Unauthenticated Cross-Site Scripting (XSS) |
| Web Application Firewall – website security | Unauthenticated Privilege Escalation |
| Website Article Monetization By MageNet | Unauthenticated Cross-Site Scripting (XSS) |
| weForms | Unauthenticated Cross-Site Scripting (XSS) via Referer |
| Wholesale For WooCommerce | Unauthenticated Private Data Exposure |
| WholesaleX | Unauthenticated Privilege Escalation |
| WholesaleX | Unauthenticated PHP Object Injection |
| WooCommerce Cloak Affiliate Links | Missing Authorization (BAC) to Unauthenticated Permalink Modification |
| WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels | Unauthenticated Cross-Site Scripting (XSS) |
| WP Compress – Image Optimizer [All-In-One] | Missing Authorization (BAC) to Unauthenticated CDN Modification |
| WP Migrate | Unauthenticated PHP Object Injection |
| Wp Social | Missing Authorization (BAC) to Unauthenticated Social Login/Share Status Update (BAC) |
| WP Statistics | Unauthenticated Cross-Site Scripting (XSS) |
| WP Travel Engine | Unauthenticated SQL Injection (SQLi) |
| Youzify Buddypress Moderation | Unauthenticated Cross-Site Scripting (XSS) |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 129 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP APR 2024 Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
