Unauthenticated WP SEP 2024
Tailored WP/Woo Security Report
Be informed about the latest Unauthenticated WP SEP 2024 – WP Security Circumvention, identified and reported publicly. It is a -4% DECREASE compared to previous month, as specifically going around existing security. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your Unauthenticated WP SEP 2024 Patch Management.
The following cases made headlines PUBLICLY just last month in the Unauthenticated WP SEP 2024 category:
| affiliate-toolkit | Unauthenticated Full Path Dislcosure (BAC) |
| Amelia | Unauthenticated Full Path Disclosure (BAC) |
| App Builder | Unauthenticated SQL Injection (SQLi) via app-builder-search |
| Backup and Restore WordPress | Unauthenticated Broken Access Control (BAC) |
| BerqWP | Unauthenticated File Upload (BAC) |
| Bit Form Pro | Unauthenticated File Deletion (BAC) |
| Contest Gallery | Unauthenticated Comment UserID And IP address Disclosure (BAC) |
| Docket (WooCommerce Collections / Wishlist / Watchlist) | Unauthenticated Post/Page Deletion (BAC) |
| Docket (WooCommerce Collections / Wishlist / Watchlist) | Unauthenticated SQL Injection (SQLi) |
| Droip | Unauthenticated File Download/Deletion (BAC) |
| Ebook Store | Unauthenticated Full Path Disclosure (BAC) |
| Funnelforms Free | Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) and Deletion (BAC) |
| GEO my WordPress | Unauthenticated Local File Inclusion (LFi) |
| GiveWP | Missing Authorization (BAC) to Unauthenticated Event Settings Update (BAC) |
| GiveWP | Unauthenticated PHP Object Injection to Remote Code Execution (RCE) (RCE) |
| GiveWP | Unauthenticated Full Path Disclosure (BAC) |
| Grow by Tradedoubler | Unauthenticated Local File Inclusion (LFi) |
| Hide My Site | Unauthenticated Private Information Exposure |
| Icegram | Unauthenticated Private Unpublished Campaign Viewer |
| InPost for WooCommerce | Unauthenticated File Read (BAC)/Delete (BAC) |
| InPost PL | Unauthenticated File Read (BAC)/Delete (BAC) |
| JobSearch | Unauthenticated Account Takeover (BAC) |
| JS Help Desk – Best Help Desk & Support Plugin | Unauthenticated Remote Code Execution (RCE) |
| Justified Image Grid | Unauthenticated Server Side Request Forgery (SSRF) |
| Linkify Text | Unauthenticated Full Path Disclosure (BAC) |
| LiquidPoll – Advanced Polls for Creators and Brands | Unauthenticated Cross-Site Scripting (XSS) |
| LiteSpeed Cache | Unauthenticated Privilege Escalation (BAC) |
| Metform Elementor Contact Form Builder | Unauthenticated Double-Extension File Upload (BAC) |
| Mollie Payments for WooCommerce | Unauthenticated Full Path Disclosure (BAC) |
| Music Request Manager | Unauthenticated Cross-Site Scripting (XSS) |
| My Custom CSS PHP & ADS | Unauthenticated Full Path Disclosure (BAC) |
| News Element Elementor Blog Magazine | Unauthenticated Local File Inclusion (LFi) |
| Newsletters | Unauthenticated Full Path Disclosure (BAC) |
| NitroPack | Unauthenticated Shortcode Execution |
| No Update Nag | Unauthenticated Full Path Disclosure (BAC) |
| Obfuscate Email | Unauthenticated Full Path Disclosure (BAC) |
| Opal Membership | Unauthenticated Cross-Site Scripting (XSS) |
| Opti Marketing | Unauthenticated SQL Injection (SQLi) |
| PDF Builder for WPForms | Unauthenticated Full Path Disclosure (BAC) |
| Permalink Manager Lite | Missing Authorization (BAC) to Unauthenticated Private Information Exposure |
| Premium SEO Pack | Unauthenticated Private Information Exposure |
| Propovoice Pro | Unauthenticated SQL Injection (SQLi) |
| Relevanssi | Unauthenticated Private Information Exposure |
| Relevanssi Live Ajax Search | Unauthenticated WP_Query Argument Injection |
| Reveal Template | Unauthenticated Full Path Disclosure (BAC) |
| Skitter Slideshow | Unauthenticated Server-Side Request Forgery |
| SmartSearch WP | Unauthenticated SQL Injection (SQLi) |
| SmartSearch WP | Unauthenticated Cross-Site Scripting (XSS) |
| Traffic Manager | Unauthenticated Cross-Site Scripting (XSS) |
| TrueBooker | Multiple Unauthenticated SQL Injection (SQLi) |
| Ultimate Membership Pro | Unauthenticated PHP Object Injection |
| Ultimate Membership Pro | Unauthenticated Privilege Escalation (BAC) |
| WBW Product Table PRO | Unauthenticated SQL Query Execution |
| Web Directory Free | Unauthenticated Local File Inclusion (LFi) |
| Woffice Theme | Unauthenticated Privilege Escalation (BAC) |
| WooCommerce PDF Vouchers | Unauthenticated File Deletion (BAC) |
| WooCommerce PDF Vouchers | Unauthenticated Multiple Vulnerabilities |
| Woo Inquiry | Unauthenticated SQL Injection (SQLi) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC) |
| WordPress File Upload | Unauthenticated Cross-Site Scripting (XSS) |
| wpDiscuz | Unauthenticated HTML Injection |
| wpForo Forum | Unauthenticated Private Data Exposure |
| YayExtra | Unauthenticated File Upload (BAC) via handle_Upload (BAC)_file Function |
| Z Y N I T H | Unauthenticated Option Deletion (BAC) |
| Z Y N I T H | Unauthenticated Plugin Settings Change (BAC) |
| Unauthenticated WordPress reported in 2023: | 235 |
| Unauthenticated WordPress reported in 2024: | 420 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order Unauthenticated WP SEP 2024 Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
