Unauthenticated WP FEB 2025
Managed WP/Woo Security Report
Be informed about the latest Unauthenticated WP FEB 2025 - WP Security Circumvention cases, identified and reported publicly. This is a +26% INCREASE compared to the previous month, in a category that specifically goes around existing security. For your online safety, consider a managed WP/Woo security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hire us for your recurring needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your Unauthenticated WP FEB 2025 Patch Management.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP FEB 2025 category:
1003 Mortgage Application | Unauthenticated Private Full Path Disclosure (PD) |
Adifier System | Unauthenticated Password Reset (BAC) |
aDirectory | Unauthenticated PHP Object Injection (PHPi) |
ARPrice | Unauthenticated PHP Object Injection (PHPi) |
ARPrice | Unauthenticated SQL Injection (SQLi) |
Backup Migration | Unauthenticated PHP Object Injection (PHPi) from 'recursive_unserialize_replace' |
BookingPress | Unauthenticated Export File Download (BAC) |
Bootstrap Ultimate Theme | Unauthenticated Limited Local File Inclusion (LFi) |
CF7 WOW Styler | Unauthenticated Shortcode Execution (BAC) and Cross-Site Scripting (XSS) |
CF Internal Link Shortcode | Unauthenticated SQL Injection (SQLi) |
Compare Products for WooCommerce | Unauthenticated PHP Object Injection (PHPi) |
Contact Form & SMTP Plugin | Unauthenticated Shortcode Execution (BAC) |
Cost Calculator Builder Pro | Unauthenticated SQL Injection (SQLi) |
Download Personalized WooCommerce Cart Page | Missing Authorization (BAC) and Unauthenticated Settings Update (BAC) |
Error Log Viewer | Missing Authorization (BAC) and Unauthenticated File Read (BAC) |
Eventer | Unauthenticated SQL Injection (SQLi) |
Evergreen Content Poster | Missing Authorization (BAC) and Unauthenticated Post Deletion (BAC) |
Export Import Menus | Missing Authorization (BAC) and Unauthenticated Menu Export (BAC) |
Fancy Product Designer | Unauthenticated File Upload (BAC) |
Fancy Product Designer | Unauthenticated SQL Injection (SQLi) |
FAT Event Lite | Unauthenticated Non Local File Inclusion (LFi) |
Flexible Wishlist for WooCommerce | Unauthenticated Cross-Site Scripting (XSS) from wishlist_name Parameter |
GamiPress | Unauthenticated Shortcode Execution (BAC) from gamipress_ajax_get_logs Function |
GamiPress | Unauthenticated SQL Injection (SQLi) from orderby Parameter |
Gravity Forms | Unauthenticated Cross-Site Scripting (XSS) from 'alt' parameter |
Host PHP Info | Missing Authorization (BAC) and Unauthenticated Private Information Disclosure |
iControlWP | Unauthenticated PHP Object Injection (PHPi) |
Import WP | Unauthenticated Private Information Exposure Through Unprotected Directory |
InfiniteWP Client | Unauthenticated Limited Directory Traversal and txt File Reading |
Infographic Maker – iList | Unauthenticated Shortcode Execution (BAC) |
JupiterX Core | Missing Authorization (BAC) and Unauthenticated Popup Template Export (BAC) |
Link Fixer | Unauthenticated Cross-Site Scripting (XSS) |
linkID | Missing Authorization (BAC) and Unauthenticated Private Information Exposure |
Live Sales Notification for Woocommerce - Woomotiv | Unauthenticated SQL Injection (SQLi) |
MC Woocommerce Wishlist | Unauthenticated Insecure Direct Object References (IDOR) from download_pdf_file Function |
Media Manager for UserPro | Missing Authorization (BAC) and Unauthenticated Options Update (BAC) |
Member Access | Unauthenticated Content Restriction Bypass (BAC) and Private Information Exposure |
MIPL WC Multisite Sync | Unauthenticated File Download (BAC) |
Moving Users | Unauthenticated Private Information Exposure |
Multiple Shipping And Billing Address For Woocommerce | Unauthenticated SQL Injection (SQLi) |
Multi Step Form | Missing Authorization (BAC) and Unauthenticated Limited File Upload (BAC) |
Order Export for WooCommerce | Unauthenticated Private Information Exposure Through Unprotected Directory |
Oshine Modules | Unauthenticated Server-Side Request Forgery (SSRF) |
Passster – Password Protection | Unauthenticated Content Restriction Bypass (BAC) and Private Information Exposure |
Passwords Manager | Unauthenticated SQL Injection (SQLi) |
PayU India | Unauthenticated Privilege Escalation (BAC) |
Popup – MailChimp, GetResponse and ActiveCampaign Intergrations | Missing Authorization (BAC) and Unauthenticated DB Table Truncation |
Post Grid and Gutenberg Blocks | Unauthenticated Privilege Escalation (BAC) |
Post Grid Master | Missing Authorization (BAC) and Unauthenticated Local PHP File Inclusion |
Product Table by WBW | Unauthenticated SQL Injection (SQLi) |
Profile Builder | Unauthenticated Cross-Site Scripting (XSS) |
Restrict Content | Unauthenticated Content Restriction Bypass (BAC) and Private Information Exposure |
Safe Ai Malware Protection for WP | Missing Authorization (BAC) and Unauthenticated Database Export (BAC) |
School Management System – SakolaWP | Unauthenticated Privilege Escalation (BAC) |
Shared Files | Limited Unauthenticated Cross-Site Scripting (XSS) from File Upload (BAC) |
Social Share Buttons for WordPress | Unauthenticated Image Upload (BAC) & Path Traversal |
Starter Templates by FancyWP | Unauthenticated Blind Server-Side Request Forgery (SSRF) |
String locator | Unauthenticated PHP Object Injection (PHPi) |
Super Socializer | Unauthenticated Limited SQL Injection (SQLi) from 'SuperSocializerKey' |
SureForms | Missing Authorization (BAC) and Unauthenticated Protected Private Post Disclosure (PD) |
ThemeREX Addons | Unauthenticated File Upload (BAC) in trx_addons_uploads_save_data |
The Ultimate WordPress Toolkit – WP Extended | Unauthenticated SQL Injection (SQLi) from Login Attempts Module |
Tourmaster | Unauthenticated Cross-Site Scripting (XSS) from Room Booking |
Ultimate Member | Unauthenticated SQL Injection (SQLi) |
W3 Total Cache | Missing Authorization (BAC) and Unauthenticated Plugin Deactivation and Extensions Activation/Deactivation |
WC Marketplace | Unauthenticated Limited Local File Inclusion (LFi) |
WooCommerce Product Table Lite | Unauthenticated Shortcode Execution (BAC) & Cross-Site Scripting (XSS) |
WordPress File Upload | Unauthenticated Path Traversal and File Read (BAC) in wfu_file_downloader.php |
WordPress File Upload | Unauthenticated Remote Code Execution (BAC), File Read (BAC), and File Deletion (BAC) |
WordPress Popular Posts | Unauthenticated Shortcode Execution (BAC) |
WPBookit | Unauthenticated User Password Change (BAC) |
WPBookit | Unauthenticated File Upload (BAC) |
WPBot Pro WordPress Chatbot | Unauthenticated File Upload (BAC) |
WP Database Backup | Unauthenticated Database Back Up Exposure |
WP-Polls | Unauthenticated SQL Injection (SQLi) and Cross-Site Scripting (XSS) |
WS Form LITE | Unauthenticated Cross-Site Scripting (XSS) |
Unauthenticated WordPress reported in 2023: | 235 |
Unauthenticated WordPress reported in 2024: | 628 |
Unauthenticated WordPress reported in 2025: | 136 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP FEB 2025 Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour of a freelancer.