Unauthenticated WP JUN 2024
Tailored WP/Woo Security Report
Be informed about the latest Unauthenticated WP JUN 2024 – WP Security Circumvention, identified and reported publicly. It is a -39% DECREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your Unauthenticated WP JUN 2024 Patch Management.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP JUN 2024 category:
| Atarim | Unauthenticated Cross-Site Scripting (XSS) |
| Back In Stock Notifier for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Booster for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Business Directory Plugin | Unauthenticated SQL Injection (SQLi) via listingfields Parameter |
| Contact Form by WPForms | Unauthenticated Price Manipulation (BAC) |
| Copymatic – AI Content Writer & Generator | Unauthenticated Arbitrary File Upload (BAC) |
| Cost Calculator Builder Pro | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
| Country State City Dropdown CF7 | Unauthenticated SQL Injection (SQLi) |
| Email Log | Unauthenticated Hook Injection |
| Flash & HTML5 Video | Unauthenticated SQL Injection (SQLi) |
| Gravity Forms Unique ID | Unauthenticated Form Submission Unique ID Modification |
| Hash Form – Drag & Drop Form Builder | Unauthenticated Arbitrary File Upload (BAC) to Remote Code Execution (RCE) |
| Hash Form – Drag & Drop Form Builder | Unauthenticated PHP Object Injection |
| Hotel Booking Lite | Unauthenticated PHP Object Injection |
| Last Viewed Posts by WPBeginner | Unauthenticated PHP Object Injection |
| LearnPress | Unauthenticated Bypass (BAC) to User Registration |
| LearnPress | Unauthenticated Time-Based SQL Injection (SQLi) |
| NextScripts | Unauthenticated Cross-Site Scripting (XSS) via User Agent |
| Orders Tracking for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Penci Soledad Data Migrator | Unauthenticated Local File Inclusion (LFi) |
| Popup4Phone | Unauthenticated Cross-Site Scripting (XSS) |
| Porto Theme | Unauthenticated Local File Inclusion (LFi) via porto_ajax_posts |
| Simple Basic Contact Form | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| Slider Revolution | Unauthenticated Broken Access Control (BAC) |
| SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress | Unauthenticated Private Keys Access |
| Startklar Elementor Addons | Unauthenticated Arbitrary File Deletion |
| Startklar Elementor Addons | Unauthenticated Arbitrary File Upload (BAC) |
| Stockholm Theme | Unauthenticated Local File Inclusion (LFi) |
| Swift Framework | Missing Authorization (BAC) to Unauthenticated Arbitrary Content Update |
| Userpro | Unauthenticated Account Takeover |
| Web Directory Free | Unauthenticated SQL Injection (SQLi) |
| WPCafe | Unauthenticated Server-Side Request Forgery (SSRF) |
| wpDataTables | Unauthenticated Cross-Site Scripting (XSS) via CSV Import |
| WP Photo Album Plus | Unauthenticated Arbitrary Shortcode Execution (BAC) |
| WP Photo Album Plus | Unauthenticated Arbitrary File Upload (BAC) |
| WPZOOM Addons for Elementor (Templates, Widgets) | Unauthenticated Local File Inclusion (LFi) |
| XML Sitemap & Google News | Unauthenticated Local File Inclusion (LFi) |
| YITH WooCommerce Ajax Search | Unauthenticated Cross-Site Scripting (XSS) |
| YITH WooCommerce Gift Cards | Multiple BAC – Missing Authorization to Unauthenticated WooCommerce Settings Update |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 232 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP JUN 2024 Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
