
Brutal WP BAC APR 2024: 130 WP Broken Access Control


Managed WordPress Security Report

Be informed about the latest WP Broken Access Control issues, identified and reported publicly. WP BAC APR 2024 is a +8% INCREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.

WHO needs managed WP security? EVERYBODY!

Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP BAC APR 2024: WP Broken Access Control Patch Management.

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

360 Javascript Viewer Missing Authorisation (BAC) to Plugin Settings Update (BAC)
Accordion Missing Authorisation (BAC) to Post Duplication
Advanced Classifieds & Directory Pro Missing Authorisation (BAC) to Arbitrary Attachment Deletion (BAC)
affiliate-toolkit Missing Authorisation (BAC) via atkp_create_list
affiliate-toolkit Missing Authorisation (BAC) via atkp_import_product
AI Engine: ChatGPT Chatbot Arbitrary File Upload (BAC)
AI WP Writer Broken Access Control (BAC)
Ajax Load More Directory Traversal (BAC) to Arbitrary File Read (BAC)
ArtiBot Missing Authorisation (BAC) to Settings Update (BAC)
Auto Affiliate Links Missing Authorisation (BAC) via aalAddLink
Avada Theme Unauthenticated Sensitive Information Exposure via Form Upload (BAC) Directory Listing
Awesome Support Broken Access Control (BAC)
Backuply – Backup, Restore, Migrate and Clone Directory Traversal (BAC)
BEAR Broken Access Control (BAC)
Booking Package Price Manipulation (BAC)
Booster Elite for WooCommerce Arbitrary File Upload (BAC)
BuddyForms Missing Authorisation (BAC) to Unauthenticated Media Deletion (BAC)
BuddyForms Missing Authorisation (BAC)
BuddyForms Missing Authorisation (BAC) to Unauthenticated Media Upload (BAC)
Build & Control Block Patterns Missing Authorisation (BAC)
Bulgarisation for WooCommerce Missing Authorisation (BAC)
Calendarista Basic Edition Broken Access Control (BAC)
Categorify Multiple Missing Authorisation (BAC)
CGC Maintenance Mode IP Filtering Bypass (BAC)
Change Memory Limit Missing Authorisation (BAC) via admin_logic()
Chauffeur Taxi Booking System for WordPress Arbitrary File Upload (BAC)
Church Admin Broken Access Control (BAC)
CM Download Manager Download Edit (BAC) via Cross-Site Request Forgery (CSRF)
CM Download Manager Download Deletion (BAC) via Cross-Site Request Forgery (CSRF)
CM Download Manager Download Unpublish (BAC) via Cross-Site Request Forgery (CSRF)
Colibri Page Builder Broken Access Control (BAC)
Colibri Page Builder Missing Authorisation (BAC)
Coming Soon, Under Construction & Maintenance Mode By Dazzler Maintenance Mode Bypass (BAC)
Complianz – GDPR/CCPA Cookie Consent Cross-Site Request Forgery (CSRF) to Data Request Deletion (BAC)
Contests by Rewards Fuel Cross-Site Scripting (XSS) via Update (BAC)_rewards_fuel_api_key
Cryptocurrency Widgets – Price Ticker & Coins List Broken Access Control (BAC)
CubeWP – All-in-One Dynamic Content Framework Arbitrary File Upload (BAC)
DELUCKS SEO Broken Access Control (BAC)
DX-Watermark Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) and Cross-Site Scripting (XSS)
Easy Appointments Insufficient Authorisation (BAC)
Enjoy Social Feed plugin for WordPress website Plugin Database Reset (BAC)
Error Log Viewer by BestWebSoft Directory Listing (BAC) to Private Data Exposure
Essential Blocks for Gutenberg Broken Access Control (BAC)
Event Tickets Improper Authorisation (BAC) to Private Information Disclosure
EventPrime Multiple Missing Authorisation (BAC)
EventPrime Multiple Missing Authorisation (BAC)
EventPrime Multiple Missing Authorisation (BAC)
Events Manager Broken Access Control (BAC)
File Manager Cross-Site Request Forgery (CSRF) to Local JS File Inclusion (BAC)
File Manager Directory Traversal (BAC)
File Manager Pro Directory Traversal (BAC)
Finale Lite Missing Authorisation (BAC) to Unauthenticated System Private Information Disclosure
Formidable Registration Arbitrary User Password Reset (BAC) to Account Takeover
Graphene Theme Missing Authorisation (BAC)
HT Easy GA4 ( Google Analytics 4 ) Missing Authorisation (BAC) to Unauthenticated GA Email Update (BAC)
HT Mega Directory Traversal (BAC)
Import Export WordPress Users Path Traversal (BAC)
IP Blocker Lite Bypass (BAC)
JCH Optimise Broken Access Control (BAC)
Klarna Payments for WooCommerce Broken Access Control (BAC)
LadiApp Missing Authorisation (BAC)
Layouts for Elementor Arbitrary File Upload (BAC)
Management App for WooCommerce Arbitrary File Upload (BAC)
Master Slider Cross-Site Scripting (XSS) via slider callback
MasterStudy LMS Missing Authorisation (BAC) to Sensitive Information Exposure in search_posts
Max Mega Menu Broken Access Control (BAC)
Mollie Forms Missing Authorisation (BAC) to Arbitrary Post Duplication
Mollie Forms Missing Authorisation (BAC)
Move Addons for Elementor Broken Access Control (BAC)
MP3 Audio Player for Music, Radio & Podcast by Sonaar Broken Access Control (BAC)
Multiple Page Generator Plugin – MPG Broken Access Control (BAC)
Networker Theme Missing Authorisation (BAC)
New Order Notification for Woocommerce Broken Access Control (BAC)
Newsletter IP Blacklist Bypass (BAC)
NextMove Lite Missing Authorisation (BAC) to Unauthenticated System Private Information Disclosure
OceanWP Theme Missing Authorisation (BAC) to Sensitive Information Exposure via Limited Local File Inclusion (BAC)
Olive One Click Demo Import Broken Access Control (BAC)
Order Tip for WooCommerce Missing Authorisation (BAC) to Unauthenticated Data Export
Otter Blocks PRO Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC)
Page Builder Sandwich – Front-End Page Builder Missing Authorisation (BAC) to Arbitrary Post Editing
PageLayer Broken Access Control (BAC)
Permalink Manager Lite Missing Authorisation (BAC) via get_uri_editor
Permalink Manager Lite Missing Authorisation (BAC) to Arbitrary post slug modification
Pie Register Unauthenticated Arbitrary File Upload (BAC)
Play.ht Missing Authorisation (BAC)
Pods Missing Authorisation (BAC)
Premmerce Permalink Manager for WooCommerce Local File Inclusion (BAC)
Product Import Export for WooCommerce Arbitrary File Upload (BAC)
RegistrationMagic Privilege Escalation (BAC)
Restaurant Reservations Directory Traversal (BAC) to Local File Inclusion (BAC)
RevivePress Missing Authorisation (BAC)
RT Easy Builder – Advanced addons for Elementor Broken Access Control (BAC)
Salon booking system Arbitrary File Upload (BAC)
Shortcode Addons Arbitrary File Upload (BAC)
Shortcodes and extra features for Phlox Theme Broken Access Control (BAC)
Shortlinks by Pretty Links Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC)
Simple Restrict Missing Authorisation (BAC) to Sensitive Information Exposure
Simply Schedule Appointments Cross-Site Request Forgery (CSRF) to Plugin Data Reset (BAC)
Sirv Broken Access Control (BAC)
Sliced Invoices Broken Access Control (BAC)
Smart Custom Fields Missing Authorisation (BAC) to Post Content Private Information Disclosure
Social Icons Widget & Block by WPZOOM Broken Access Control (BAC)
SP Project & Document Manager Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Spiffy Calendar Broken Access Control (BAC)
SportsPress – Sports Club & League Manager Missing Authorisation (BAC) to Unauthenticated Event Permalink Update (BAC)
Tainacan Broken Access Control (BAC)
TeraWallet – For WooCommerce Missing Authorisation (BAC) to User Email Export
Testimonial Slider Settings Update (BAC)
The Plus Addons for Elementor Page Builder Lite Local File Inclusion (BAC)
Total Theme Missing Authorisation (BAC) to Sections Update (BAC)
Tourfic Arbitrary File Upload (BAC)
Tumult Hype Animations Arbitrary File Upload (BAC)
Tutor LMS Missing Authorisation (BAC) to Arbitrary Post Deletion (BAC)
Ultimate Gift Cards For WooCommerce Missing Authorisation (BAC) to Unauthenticated Information Exposure
VS Contact Form Captcha Bypass (BAC)
weForms Broken Access Control (BAC)
Whizzy Broken Access Control (BAC)
WholesaleX Broken Access Control (BAC)
WooCommerce Add to Cart Custom Redirect Missing Authorisation (BAC) to Limited Arbitrary Options Update (BAC)
WooCommerce Cloak Affiliate Links Missing Authorisation (BAC) to Unauthenticated Permalink Modification
WooCommerce Clover Payment Gateway Missing Authorisation (BAC) via callback_handler
WooCommerce Multilingual & Multicurrency Broken Access Control (BAC)
WP Compress – Image Optimiser [All-In-One] Missing Authorisation (BAC) to Unauthenticated CDN Modification
WP Express Checkout (Accept PayPal Payments) Price Manipulation (BAC)
WP Hotel Booking Broken Access Control (BAC)
WP SendFox Broken Access Control (BAC)
Wp Social Missing Authorisation (BAC) to Unauthenticated Social Login/Share Status Update (BAC)
WPC Management for WooCommerce Broken Access Control (BAC)
YITH WooCommerce Account Funds Premium Broken Access Control (BAC)
Zippy Arbitrary File Upload (BAC)
WP BAC & WordPress Broken Access Control reported in 2023: 931
WP BAC & WordPress Broken Access Control reported in 2024: 343
WHO needs managed WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC APR 2024: WP Broken Access Control Patch Management.

Security is not a single-task job

Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour of a freelancer.

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.


owlpower.eu