Unauthenticated WP JUL 2024
Tailored WP/Woo Security Report
Be informed about the latest Unauthenticated WP JUL 2024 – WP Security Circumvention, identified and reported publicly. It is a +41% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your Unauthenticated WP JUL 2024 Patch Management.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP JUL 2024 category:
| Advanced Contact form 7 DB | Missing Authorization (BAC) to Unauthenticated Information Disclosure (BAC) |
| Album and Image Gallery plus Lightbox | Unauthenticated Arbitrary Shortcode Execution |
| ARForms | Unauthenticated RCE |
| Authorize.net Payment Gateway For WooCommerce | Insufficient Verification of Data Authenticity to Unauthenticated Payment Bypass (BAC) |
| Bookster | Unauthenticated Appointment Status Update (BAC) (BAC) |
| Brizy – Page Builder | Unauthenticated Cross-Site Scripting (XSS) via Form |
| Canto | Unauthenticated Remote File Inclusion (LFi) (RFi) |
| Checkout Field Editor for WooCommerce (Pro) | Unauthenticated Arbitrary File Deletion (BAC) |
| CoDesigner WooCommerce Builder for Elementor | Unauthenticated PHP Object Injection |
| Consulting Elementor Widgets | Unauthenticated Local File Inclusion (LFi) |
| Contact Form 7 | Unauthenticated Open Redirect |
| Cost Calculator Builder Pro | Unauthenticated Arbitrary Email Sending |
| Dokan Pro | Unauthenticated SQL Injection (SQLi) |
| Elements kit Elementor addons | Unauthenticated Broken Access Control (BAC) |
| Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) via hash |
| Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
| Email Subscribers & Newsletters | Unauthenticated SQL Injection (SQLi) |
| FS Product Inquiry | Unauthenticated Cross-Site Scripting (XSS) |
| Ibtana | Unauthenticated Plugin Settings Update (BAC) |
| InstaWP Connect | Missing Authorization (BAC) to Unauthenticated API setup/Arbitrary Options Update (BAC) /Administrative User Creation (BAC) |
| Masterstudy Elementor Widgets | Unauthenticated Broken Access Control (BAC) |
| MegaMenu | Unauthenticated Local File Inclusion (LFi) |
| Metform Elementor Contact Form Builder | Unauthenticated Private Information Exposure |
| Music Store | Unauthenticated SQL Injection (SQLi) |
| Newsletter | Unauthenticated Cross-Site Scripting (XSS) via np |
| Online Booking & Scheduling Calendar for WordPress by vcita | Unauthenticated Cross-Site Scripting (XSS) |
| Open Graph | Unauthenticated Private Information Exposure |
| Pearl | Missing Authorization (BAC) to Unauthenticated Arbitrary Site Options Deletion (BAC) |
| phpinfo WP | Unauthenticated Data Exposure |
| Quiz Maker | Unauthenticated SQL Injection (SQLi) via ‘ays_questions’ |
| Salon booking system | Unauthenticated Arbitrary File Upload (BAC) |
| Scheduling Plugin – Online Booking for WordPress | Unauthenticated Plugin Settings Reset (BAC) |
| Shariff | Unauthenticated Local File Inclusion (LFi) |
| Startklar Elementor Addons | Unauthenticated Path Traversal to Arbitrary Directory Deletion (BAC) |
| Themify – WooCommerce Product Filter | Unauthenticated SQL Injection (SQLi) via conditions Parameter |
| Uncanny Automator Pro | Unauthenticated License Settings Reset (BAC) |
| Video Gallery | Unauthenticated Local File Inclusion (LFi) |
| Where I Was, Where I Will Be | Unauthenticated Remote File Inclusion (LFi) (RFi) |
| Widget Bundle | Unauthenticated Cross-Site Scripting (XSS) |
| WishList Member X | Unautenticated Plugin Settings Change Leading to Cross-Site Scripting (XSS) |
| WishList Member X | Unauthenticated Arbitrary SQL Query Execution |
| WishList Member X | Unauthenticated Database Backup Download |
| WishList Member X | Unauthenticated Denial of Service (DoS) Attack |
| WishList Member X | Unauthenticated Settings & Users Data Dump |
| WooCommerce Dropshipping | Unauthenticated Arbitrary Email Sending |
| WooCommerce Social Login | Unauthenticated PHP Object Injection |
| WordPress Picture / Portfolio / Media Gallery | Unauthenticated Server-Side Request Forgery (SSRF) |
| WP Child Theme Generator | Unauthenticated Child Theme Creation (BAC) /Activation |
| WP Cookie Notice for GDPR, CCPA & ePrivacy Consent | Unauthenticated Cross-Site Scripting (XSS) via Client-IP header |
| wpDataTables | Unauthenticated SQL Injection (SQLi) |
| WP Hotel Booking | Unauthenticated SQL Injection (SQLi) |
| WP Logs Book | Unauthenticated Cross-Site Scripting (XSS) |
| WP-Recall | Unauthenticated Payment Deletion (BAC) via delete_payment |
| WS Form LITE | Unauthenticated CSV Injection |
| WS Form Pro | Unauthenticated CSV Injection |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 287 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP JUL 2024 Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
