Unauthenticated WP AUG 2024
Tailored WP/Woo Security Report
Stay informed about the latest Unauthenticated WP AUG 2024 issues (WP Security Circumvention) that were identified and reported publicly. This is a +24% INCREASE compared to the previous month in issues that specifically go around existing security. For your online safety, consider a managed WP/Woo security AUDIT - OR - switching to a TOP10LIST alternative WP Security Plugin - OR - hiring professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your Unauthenticated WP AUG 2024 Patch Management.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP AUG 2024 category:
Add Admin CSS | Unauthenticated Full Path Disclosure (BAC) |
Add Admin JavaScript | Unauthenticated Full Path Disclosure (BAC) |
Addonify | Unauthenticated Full Path Disclosure (BAC) |
Admin Post Navigation | Unauthenticated Full Path Disclosure (BAC) |
Admin Trim Interface | Unauthenticated Full Path Disclosure (BAC) |
AForms | Unauthenticated Full Path Disclosure (BAC) |
Aramex Shipping WooCommerce | Unauthenticated Full Path Disclosure (BAC) |
BerqWP | Unauthenticated Non-Blind Server-Side Request Forgery (SSRF) |
Branda | Unauthenticated Full Path Disclosure (BAC) |
Bug Library | Unauthenticated Remote Code Execution (RCE) |
Campaign Monitor for WordPress | Unauthenticated Full Path Disclosure (BAC) |
CZ Loan Management | Unauthenticated SQL Injection (SQLi) |
Donation Block For PayPal | Unauthenticated Cross-Site Scripting (XSS) |
Easy Pixels | Unauthenticated Cross-Site Scripting (XSS) |
Elements kit Elementor addons | Unauthenticated Private Information Exposure via ekit_widgetarea_content Function |
EventON | Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC) |
Filter & Grids | Unauthenticated Local File Inclusion (LFi) |
FormLift for Infusionsoft Web Forms | Unauthenticated SQL Injection (SQLi) |
FULL Customer | Unauthenticated Cross-Site Scripting (XSS) via License Plan Parameter |
Glossary | Unauthenticated Full Path Disclosure (BAC) |
Goya Theme | Unauthenticated Cross-Site Scripting (XSS) via Multiple Parameters |
Gravity Forms: Multiple Form Instances | Unauthenticated Full Path Disclosure (BAC) |
HUSKY | Unauthenticated Time-Based SQL Injection (SQLi) |
Icegram | Unauthenticated Message Duplication |
InstaWP Connect | Unauthenticated Authentication Bypass |
Intelligence | Unauthenticated Full Path Disclosure (BAC) |
IQ Testimonials | Unauthenticated Arbitrary File Upload (BAC) |
Jobmonster Theme | Unauthenticated Arbitrary File Deletion (BAC) |
Jobmonster Theme | Unauthenticated Privilege Escalation (BAC) |
JSON API User | Unauthenticated Privilege Escalation (BAC) |
Keydatas | Unauthenticated Arbitrary File Upload (BAC) |
Laposta | Unauthenticated Full Path Disclosure (BAC) |
LearnPress | Missing Authorization (BAC) to Unauthenticated User Registration Bypass |
LearnPress | Unauthenticated Bypass to User Registration |
ListingPro | Unauthenticated Local File Inclusion (LFi) |
ListingPro | Unauthenticated SQL Injection (SQLi) |
ListingPro Theme | Unauthenticated SQL Injection (SQLi) |
One Click Close Comments | Unauthenticated Full Path Disclosure (BAC) |
Optimize images ALT Text (alt tag) & names for SEO using AI | Unauthenticated Full Path Disclosure (BAC) |
PayPlus Payment Gateway | Unauthenticated SQL Injection (SQLi) |
Piotnet Addons For Elementor | Unauthenticated Private Information Exposure |
Plum: Spin Wheel & Email Popup | Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS) |
Product Designer | Missing Authorization (BAC) to Unauthenticated Arbitrary Attachment Deletion (BAC) |
Product Table by WBW | Unauthenticated Remote Code Execution (RCE) |
Profile Builder | Unauthenticated Media Upload (BAC) |
Redux Framework | Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS) |
SchedulePress | Unauthenticated Full Path Disclosure (BAC) |
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer | Unauthenticated Full Path Disclosure (BAC) |
Social Auto Poster | Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC) |
Social Auto Poster | Unauthenticated Cross-Site Scripting (XSS) |
TOCHAT.BE | Unauthenticated Cross-Site Scripting (XSS) |
Ultimate Auction | Missing Authorization (BAC) to Unauthenticated Email Creation (BAC) |
Ultimate Classified Listings | Unauthenticated Local File Inclusion (LFi) |
User Feedback | Unauthenticated Cross-Site Scripting (XSS) via Name Parameter |
UsersWP | Unauthenticated SQL Injection (SQLi) via 'uwp_sort_by' |
VForm | Unauthenticated Cross-Site Scripting (XSS) |
Woffice Core | Unauthenticated Broken Access Control (BAC) |
Woocommerce OpenPos | Unauthenticated Arbitrary File Deletion (BAC) |
Woocommerce OpenPos | Unauthenticated Private Data Exposure |
Woocommerce OpenPos | Unauthenticated SQL Injection (SQLi) |
WordPress Cliengo Chatbot plugin | Missing Authorization (BAC) to Unauthenticated Chatbot Settings Update (BAC) |
WordPress Form Builder Plugin – Gutenberg Forms | Unauthenticated Arbitrary File Upload (BAC) |
WP EasyPay | Missing Authorization (BAC) to Unauthenticated Service Disconnection |
WP eMember | Unauthenticated Cross-Site Scripting (XSS) via Member Registration |
WP Meteor Page Speed Optimization Topping | Unauthenticated Full Path Disclosure (BAC) |
WP Popups | Unauthenticated Full Path Disclosure (BAC) |
WpStickyBar | Unauthenticated SQL Injection (SQLi) |
XCloner Backup, Restore and Migrate | Unauthenticated Full Path Disclosure (BAC) |
Unauthenticated WordPress reported in 2023: | 235 |
Unauthenticated WordPress reported in 2024: | 355 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP AUG 2024 Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.