
Brutal WP BAC APR 2024: 130 WP Broken Access Control

Tailored WordPress Security Report

Stay informed about the latest WP Broken Access Control issues that were identified and reported publicly. WP BAC APR 2024 is a +8% INCREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, – OR – switching to a TOP10LIST alternative WP Security Plugin, – OR – hiring professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a “gazillion” different threats to your WordPress site. Get your WP BAC APR 2024: WP Broken Access Control Patch Management.

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

360 Javascript Viewer Missing Authorization (BAC) to Plugin Settings Update (BAC)
Accordion Missing Authorization (BAC) to Post Duplication
Advanced Classifieds & Directory Pro Missing Authorization (BAC) to Arbitrary Attachment Deletion (BAC)
affiliate-toolkit Missing Authorization (BAC) via atkp_create_list
affiliate-toolkit Missing Authorization (BAC) via atkp_import_product
AI Engine: ChatGPT Chatbot Arbitrary File Upload (BAC)
AI WP Writer Broken Access Control (BAC)
Ajax Load More Directory Traversal (BAC) to Arbitrary File Read (BAC)
ArtiBot Missing Authorization (BAC) to Settings Update (BAC)
Auto Affiliate Links Missing Authorization (BAC) via aalAddLink
Avada Theme Unauthenticated Sensitive Information Exposure via Form Upload (BAC) Directory Listing
Awesome Support Broken Access Control (BAC)
Backuply – Backup, Restore, Migrate and Clone Directory Traversal (BAC)
BEAR Broken Access Control (BAC)
Booking Package Price Manipulation (BAC)
Booster Elite for WooCommerce Arbitrary File Upload (BAC)
BuddyForms Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC)
BuddyForms Missing Authorization (BAC)
BuddyForms Missing Authorization (BAC) to Unauthenticated Media Upload (BAC)
Build & Control Block Patterns Missing Authorization (BAC)
Bulgarisation for WooCommerce Missing Authorization (BAC)
Calendarista Basic Edition Broken Access Control (BAC)
Categorify Multiple Missing Authorization (BAC)
CGC Maintenance Mode IP Filtering Bypass (BAC)
Change Memory Limit Missing Authorization (BAC) via admin_logic()
Chauffeur Taxi Booking System for WordPress Arbitrary File Upload (BAC)
Church Admin Broken Access Control (BAC)
CM Download Manager Download Edit (BAC) via Cross-Site Request Forgery (CSRF)
CM Download Manager Download Deletion (BAC) via Cross-Site Request Forgery (CSRF)
CM Download Manager Download Unpublish (BAC) via Cross-Site Request Forgery (CSRF)
Colibri Page Builder Broken Access Control (BAC)
Colibri Page Builder Missing Authorization (BAC)
Coming Soon, Under Construction & Maintenance Mode By Dazzler Maintenance Mode Bypass (BAC)
Complianz – GDPR/CCPA Cookie Consent Cross-Site Request Forgery (CSRF) to Data Request Deletion (BAC)
Contests by Rewards Fuel Cross-Site Scripting (XSS) via update_rewards_fuel_api_key
Cryptocurrency Widgets – Price Ticker & Coins List Broken Access Control (BAC)
CubeWP – All-in-One Dynamic Content Framework Arbitrary File Upload (BAC)
DELUCKS SEO Broken Access Control (BAC)
DX-Watermark Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) and Cross-Site Scripting (XSS)
Easy Appointments Insufficient Authorization (BAC)
Enjoy Social Feed plugin for WordPress website Plugin Database Reset (BAC)
Error Log Viewer by BestWebSoft Directory Listing (BAC) to Private Data Exposure
Essential Blocks for Gutenberg Broken Access Control (BAC)
Event Tickets Improper Authorization (BAC) to Private Information Disclosure
EventPrime Multiple Missing Authorization (BAC)
EventPrime Multiple Missing Authorization (BAC)
EventPrime Multiple Missing Authorization (BAC)
Events Manager Broken Access Control (BAC)
File Manager Cross-Site Request Forgery (CSRF) to Local JS File Inclusion (BAC)
File Manager Directory Traversal (BAC)
File Manager Pro Directory Traversal (BAC)
Finale Lite Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure
Formidable Registration Arbitrary User Password Reset (BAC) to Account Takeover
Graphene Theme Missing Authorization (BAC)
HT Easy GA4 ( Google Analytics 4 ) Missing Authorization (BAC) to Unauthenticated GA Email Update (BAC)
HT Mega Directory Traversal (BAC)
Import Export WordPress Users Path Traversal (BAC)
IP Blocker Lite Bypass (BAC)
JCH Optimize Broken Access Control (BAC)
Klarna Payments for WooCommerce Broken Access Control (BAC)
LadiApp Missing Authorization (BAC)
Layouts for Elementor Arbitrary File Upload (BAC)
Management App for WooCommerce Arbitrary File Upload (BAC)
Master Slider Cross-Site Scripting (XSS) via slider callback
MasterStudy LMS Missing Authorization (BAC) to Sensitive Information Exposure in search_posts
Max Mega Menu Broken Access Control (BAC)
Mollie Forms Missing Authorization (BAC) to Arbitrary Post Duplication
Mollie Forms Missing Authorization (BAC)
Move Addons for Elementor Broken Access Control (BAC)
MP3 Audio Player for Music, Radio & Podcast by Sonaar Broken Access Control (BAC)
Multiple Page Generator Plugin – MPG Broken Access Control (BAC)
Networker Theme Missing Authorization (BAC)
New Order Notification for Woocommerce Broken Access Control (BAC)
Newsletter IP Blacklist Bypass (BAC)
NextMove Lite Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure
OceanWP Theme Missing Authorization (BAC) to Sensitive Information Exposure via Limited Local File Inclusion (BAC)
Olive One Click Demo Import Broken Access Control (BAC)
Order Tip for WooCommerce Missing Authorization (BAC) to Unauthenticated Data Export
Otter Blocks PRO Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC)
Page Builder Sandwich – Front-End Page Builder Missing Authorization (BAC) to Arbitrary Post Editing
PageLayer Broken Access Control (BAC)
Permalink Manager Lite Missing Authorization (BAC) via get_uri_editor
Permalink Manager Lite Missing Authorization (BAC) to Arbitrary post slug modification
Pie Register Unauthenticated Arbitrary File Upload (BAC)
Play.ht Missing Authorization (BAC)
Pods Missing Authorization (BAC)
Premmerce Permalink Manager for WooCommerce Local File Inclusion (BAC)
Product Import Export for WooCommerce Arbitrary File Upload (BAC)
RegistrationMagic Privilege Escalation (BAC)
Restaurant Reservations Directory Traversal (BAC) to Local File Inclusion (BAC)
RevivePress Missing Authorization (BAC)
RT Easy Builder – Advanced addons for Elementor Broken Access Control (BAC)
Salon booking system Arbitrary File Upload (BAC)
Shortcode Addons Arbitrary File Upload (BAC)
Shortcodes and extra features for Phlox Theme Broken Access Control (BAC)
Shortlinks by Pretty Links Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC)
Simple Restrict Missing Authorization (BAC) to Sensitive Information Exposure
Simply Schedule Appointments Cross-Site Request Forgery (CSRF) to Plugin Data Reset (BAC)
Sirv Broken Access Control (BAC)
Sliced Invoices Broken Access Control (BAC)
Smart Custom Fields Missing Authorization (BAC) to Post Content Private Information Disclosure
Social Icons Widget & Block by WPZOOM Broken Access Control (BAC)
SP Project & Document Manager Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Spiffy Calendar Broken Access Control (BAC)
SportsPress – Sports Club & League Manager Missing Authorization (BAC) to Unauthenticated Event Permalink Update (BAC)
Tainacan Broken Access Control (BAC)
TeraWallet – For WooCommerce Missing Authorization (BAC) to User Email Export
Testimonial Slider Settings Update (BAC)
The Plus Addons for Elementor Page Builder Lite Local File Inclusion (BAC)
Total Theme Missing Authorization (BAC) to Sections Update (BAC)
Tourfic Arbitrary File Upload (BAC)
Tumult Hype Animations Arbitrary File Upload (BAC)
Tutor LMS Missing Authorization (BAC) to Arbitrary Post Deletion (BAC)
Ultimate Gift Cards For WooCommerce Missing Authorization (BAC) to Unauthenticated Information Exposure
VS Contact Form Captcha Bypass (BAC)
weForms Broken Access Control (BAC)
Whizzy Broken Access Control (BAC)
WholesaleX Broken Access Control (BAC)
WooCommerce Add to Cart Custom Redirect Missing Authorization (BAC) to Limited Arbitrary Options Update (BAC)
WooCommerce Cloak Affiliate Links Missing Authorization (BAC) to Unauthenticated Permalink Modification
WooCommerce Clover Payment Gateway Missing Authorization (BAC) via callback_handler
WooCommerce Multilingual & Multicurrency Broken Access Control (BAC)
WP Compress – Image Optimizer [All-In-One] Missing Authorization (BAC) to Unauthenticated CDN Modification
WP Express Checkout (Accept PayPal Payments) Price Manipulation (BAC)
WP Hotel Booking Broken Access Control (BAC)
WP SendFox Broken Access Control (BAC)
Wp Social Missing Authorization (BAC) to Unauthenticated Social Login/Share Status Update (BAC)
WPC Management for WooCommerce Broken Access Control (BAC)
YITH WooCommerce Account Funds Premium Broken Access Control (BAC)
Zippy Arbitrary File Upload (BAC)

WP BAC & WordPress Broken Access Control reported in 2023: 931
WP BAC & WordPress Broken Access Control reported in 2024: 343

WHO needs tailored WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC APR 2024: WP Broken Access Control Patch Management.

Security is not a single-task job

Need tailored WP Security and have no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.
