Unauthenticated WP MAY 2024 – 64 Security Abuse

Tailored WP/Woo Security Report

Be informed about the latest Unauthenticated WP MAY 2024 – WP Security Circumvention cases, identified and reported publicly. This is a +19% INCREASE compared to the previous month in cases that specifically go around existing security. For your online safety, consider a managed WP/Woo security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a “gazillion” different threats in your WordPress. Get your Unauthenticated WP MAY 2024 Patch Management.

The following cases made headlines PUBLICLY just last month in the Unauthenticated WP MAY 2024 category:

BackWPup Unauthenticated Backup Download (BAC)
Barcode Scanner with Inventory & Order Manager Unauthenticated Broken Access Control (BAC)
Barcode Scanner with Inventory & Order Manager Unauthenticated Privilege Escalation (BAC)
Bricksforge Unauthenticated Arbitrary Email Sending
Bricksforge Unauthenticated Arbitrary WordPress Setting Deletion (BAC)
Bricksforge Unauthenticated Arbitrary WordPress Settings Change
Citadela Listing Unauthenticated Private Data Exposure
Contact Form Entries Unauthenticated Cross-Site Scripting (XSS)
Customily Product Personalizer Unauthenticated Cross-Site Scripting (XSS)
Demo My WordPress Unauthenticated Privilege Escalation (BAC)
EleForms Unauthenticated Cross-Site Scripting (XSS)
Email Subscribers & Newsletters Unauthenticated SQL Injection (SQLi)
Essential Addons for Elementor Unauthenticated Private Information Exposure
Essential Grid Unauthenticated Private Post Disclosure
Forminator Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC)
InstaWP Connect Unauthenticated Arbitrary File Upload (BAC) (Patch priority: high; Fixed)
Language Translate Widget for WordPress – ConveyThis Unauthenticated Cross-Site Scripting (XSS) via api_key
LayerSlider Unauthenticated SQL Injection (SQLi)
LoginPress Pro Unauthenticated License Activation/Deactivation (BAC)
Mailster Unauthenticated Local File Inclusion (LFi)
MasterStudy LMS Unauthenticated Local File Inclusion (LFi) via modal
MasterStudy LMS Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action
MasterStudy LMS Unauthenticated Local File Inclusion (LFi) via template
Max Addons Pro for Bricks Unauthenticated Plugin Settings Reset
NextGEN Gallery Missing Authorization (BAC) to Unauthenticated Information Disclosure
OrderConvo Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC)
Piotnet Addons For Elementor Pro Unauthenticated Arbitrary Post/Page Deletion (BAC)
Piotnet Addons For Elementor Pro Unauthenticated Server-Side Request Forgery (SSRF)
Poll Maker Missing Authorization (BAC) to Unauthenticated Private Email Enumeration
Poll Maker Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS)
Post Grid Unauthenticated Password Protected Posts Access (BAC)
PPOM for WooCommerce Unauthenticated Arbitrary File Upload (BAC) via ppom_upload_file
Realtyna Organic IDX plugin Unauthenticated SQL Injection (SQLi)
Rehub Theme Unauthenticated Local File Inclusion (LFi)
Relevanssi Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Relevanssi Unauthenticated Second Order CSV Injection
Relevanssi Premium Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Relevanssi Premium Unauthenticated Second Order CSV Injection
Royal Elementor Addons Unauthenticated Limited File Upload (BAC)
Salon booking system Unauthenticated Cross-Site Scripting (XSS)
Sharkdropship for AliExpress Dropship and Affiliate Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
Simple Buttons Creator Unauthenticated Cross-Site Scripting (XSS)
Simple Registration for WooCommerce Unauthenticated Privilege Escalation (BAC)
Social Pug Unauthenticated Password Protected Posts Access (BAC)
Soledad Theme Unauthenticated Broken Access Control (BAC)
User Registration Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC)
Wholesale For WooCommerce Unauthenticated Arbitrary Post/Page
WooCommerce PDF Invoices & Packing Slips Unauthenticated Server Side Request Forgery
WooCommerce PDF Invoices & Packing Slips Unauthenticated Cross-Site Scripting (XSS)
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Missing Authorization (BAC) to Unauthenticated Settings Reset
WOOCS – WooCommerce Currency Switcher Unauthenticated Arbitrary Shortcode Execution
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
WP ERP Unauthenticated Cross-Site Scripting (XSS)
WP Members Unauthenticated Cross-Site Scripting (XSS)
WP Meta SEO Unauthenticated Cross-Site Scripting (XSS) via Referer header
WZone Unauthenticated Broken Access Control (BAC)
WZone Unauthenticated SQL Injection (SQLi)
XStore Core Unauthenticated PHP Object Injection
XStore Core Unauthenticated Privilege Escalation (BAC)
XStore Core Unauthenticated SQL Injection (SQLi)
XStore Theme Unauthenticated Broken Access Control (BAC)
XStore Theme Unauthenticated Local File Inclusion (LFi)
XStore Theme Unauthenticated SQL Injection (SQLi)
Z Y N I T H Unauthenticated Cross-Site Scripting (XSS)

Unauthenticated WordPress reported in 2023: 235
Unauthenticated WordPress reported in 2024: 193

WHO needs tailored WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP MAY 2024 Patch Management.

Security is not a single-task job

Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for an Unrestricted Access consulting! Decide after you compare RISK + IMPACT versus COST.
