Scroll Top

Unauthenticated WP MAY 2024 – 64 Security Abuse

By Csaba, Miklós WP Security owl WAF 8 May 2024

UNAUTHENTICATED WP MAY 2024 - WP SECURITY CIRCUMVENTION

Unauthenticated WP MAY 2024

Tailored WP/Woo Security Report

Be informed about the latest Unauthenticated WP MAY 2024 - WP Security Circumvention, identified and reported publicly. It is a +19% INCREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your Unauthenticated WP MAY 2024 Patch Management.

SHOP NOW

The following cases made headlines PUBLICLY just last month in the Unauthenticated WP MAY 2024 category:

BackWPup Unauthenticated Backup Download (BAC)
Barcode Scanner with Inventory & Order Manager Unauthenticated Broken Access Control (BAC)
Barcode Scanner with Inventory & Order Manager Unauthenticated Privilege Escalation (BAC)
Bricksforge Unauthenticated Arbitrary Email Sending
Bricksforge Unauthenticated Arbitrary WordPress Setting Deletion (BAC)
Bricksforge Unauthenticated Arbitrary WordPress Settings Change
Citadela Listing Unauthenticated Private Data Exposure
Contact Form Entries Unauthenticated Cross-Site Scripting (XSS)
Customily Product Personalizer Unauthenticated Cross-Site Scripting (XSS)
Demo My WordPress Unauthenticated Privilege Escalation (BAC)
EleForms Unauthenticated Cross-Site Scripting (XSS)
Email Subscribers & Newsletters Unauthenticated SQL Injection (SQLi)
Essential Addons for Elementor Unauthenticated Private Private Information Exposure
Essential Grid Unauthenticated Private Post Disclosure
Forminator Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC)
InstaWP Connect Unauthenticated Arbitrary File Upload (BAC)Patch priority: high Fixed
Language Translate Widget for WordPress – ConveyThis Unauthenticated Cross-Site Scripting (XSS) via api_key
LayerSlider Unauthenticated SQL Injection (SQLi)
LoginPress Pro Unauthenticated License Activation/Deactivation (BAC)
Mailster Unauthenticated Local File Inclusion (LFi)
MasterStudy LMS Unauthenticated Local File Inclusion (LFi) via modal
MasterStudy LMS Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action
MasterStudy LMS Unauthenticated Local File Inclusion (LFi) via template
Max Addons Pro for Bricks Unauthenticated Plugin Settings Reset
NextGEN Gallery Missing Authorization (BAC) to Unauthenticated Information Disclosure
OrderConvo Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC)
Piotnet Addons For Elementor Pro Unauthenticated Arbitrary Post/Page Deletion (BAC)
Piotnet Addons For Elementor Pro Unauthenticated Server-Side Request Forgery (SSRF)
Poll Maker Missing Authorization (BAC) to Unauthenticated Private Email Enumeration
Poll Maker Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS)
Post Grid Unauthenticated Password Protected Posts Access (BAC)
PPOM for WooCommerce Unauthenticated Arbitrary File Upload (BAC) via ppom_Upload (BAC)_file
Realtyna Organic IDX plugin Unauthenticated SQL Injection (SQLi)
Rehub Theme Unauthenticated Local File Inclusion (LFi)
Relevanssi Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Relevanssi Unauthenticated Second Order CSV Injection
Relevanssi Premium Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Relevanssi Premium Unauthenticated Second Order CSV Injection
Royal Elementor Addons Unauthenticated Limited File Upload (BAC)
Salon booking system Unauthenticated Cross-Site Scripting (XSS)
Sharkdropship for AliExpress Dropship and Affiliate Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
Simple Buttons Creator Unauthenticated Cross-Site Scripting (XSS)
Simple Registration for WooCommerce Unauthenticated Privilege Escalation (BAC)
Social Pug Unauthenticated Password Protected Posts Access (BAC)
Soledad Theme Unauthenticated Broken Access Control (BAC)
User Registration Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC)
Wholesale For WooCommerce Unauthenticated Arbitrary Post/Page
WooCommerce PDF Invoices & Packing Slips Unauthenticated Server Side Request Forgery
WooCommerce PDF Invoices & Packing Slips Unauthenticated Cross-Site Scripting (XSS)
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Missing Authorization (BAC) to Unauthenticated Settings Reset
WOOCS – WooCommerce Currency Switcher Unauthenticated Arbitrary Shortcode Execution
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
WP ERP Unauthenticated Cross-Site Scripting (XSS)
WP Members Unauthenticated Cross-Site Scripting (XSS)
WP Meta SEO Unauthenticated Cross-Site Scripting (XSS) via Referer header
WZone Unauthenticated Broken Access Control (BAC)
WZone Unauthenticated SQL Injection (SQLi)
XStore Core Unauthenticated PHP Object Injection
XStore Core Unauthenticated Privilege Escalation (BAC)
XStore Core Unauthenticated SQL Injection (SQLi)
XStore Theme Unauthenticated Broken Access Control (BAC)
XStore Theme Unauthenticated Local File Inclusion (LFi)
XStore Theme Unauthenticated SQL Injection (SQLi)
Z Y N I T H Unauthenticated Cross-Site Scripting (XSS)
Unauthenticated WordPress reported in 2023: 235
Unauthenticated WordPress reported in 2024: 193
WHO needs tailored WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP MAY 2024 Patch Management.

BUY NOW
Security is not a single-task job

Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.

ORDER NOW

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for an Unrestricted Access consulting! Decide after you compare RISK + IMPACT versus COST.

Related Posts

UNRESTRICTED ACCESS ISSUES
Unrestricted Access JAN 2023 – 6 WP Security Circumvention
24 Jan 2023
UNRESTRICTED ACCESS ISSUES
Unrestricted Access OCT 2022 – 18 WP Security Circumvention
12 Oct 2022
UNRESTRICTED ACCESS ISSUES
Unrestricted Access MAY 2023 – 18 WP Security Circumvention
10 May 2023
UNRESTRICTED ACCESS ISSUES
Unauthenticated WP AUG 2024 – 68 Security Abuse
08 Aug 2024
UNRESTRICTED ACCESS ISSUES
Unauthenticated WP SEP 2024 – 65 Security Abuse
05 Sep 2024
UNRESTRICTED ACCESS ISSUES
29 Unrestricted Access JAN 2022 – WP Security Circumvention
13 Jan 2022
UNRESTRICTED ACCESS ISSUES
28 Unrestricted Access OCT 2021 – WP Security Circumvention
08 Dec 2021
UNRESTRICTED ACCESS ISSUES
Unauthenticated WP JUL 2024 – 55 Security Abuse
04 Jul 2024
UNRESTRICTED ACCESS ISSUES
35 Unrestricted Access JUL 2021 – WP Security Circumvention
13 Aug 2021
UNRESTRICTED ACCESS ISSUES
37 Unrestricted Access SEP 2021 – WP Security Circumvention
04 Nov 2021
UNRESTRICTED ACCESS ISSUES
49 Unrestricted Access FEB 2022 – WP Security Circumvention
10 Feb 2022
UNRESTRICTED ACCESS ISSUES
Unrestricted Access FEB 2023 – 29 WP Security Circumvention
14 Feb 2023
UNRESTRICTED ACCESS ISSUES
Unauthenticated WP OCT 2024 – 48 Security Abuse
08 Oct 2024
UNRESTRICTED ACCESS ISSUES
25 Unrestricted Access MAY 2021 – WP Security Circumvention
08 Jun 2021
UNRESTRICTED ACCESS ISSUES
33 Unrestricted Access APR 2022 – WP Security Circumvention
06 Apr 2022
owlpower.eu
owlpower.eu
owlpower.eu
16+ years of owlsome experience
We're on an empowering mission for website owners, who desire not to be transformed forcefully into IT experts.