WP BAC APR 2024
WP Broken Access Control
Tailored WordPress Security Report
Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC APR 2024 is a +8% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP BAC APR 2024: WP Broken Access Control Patch Management.
The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:
360 Javascript Viewer | Missing Authorization (BAC) to Plugin Settings Update (BAC) |
Accordion | Missing Authorization (BAC) to Post Duplication |
Advanced Classifieds & Directory Pro | Missing Authorization (BAC) to Arbitrary Attachment Deletion (BAC) |
affiliate-toolkit | Missing Authorization (BAC) via atkp_create_list |
affiliate-toolkit | Missing Authorization (BAC) via atkp_import_product |
AI Engine: ChatGPT Chatbot | Arbitrary File Upload (BAC) |
AI WP Writer | Broken Access Control (BAC) |
Ajax Load More | Directory Traversal (BAC) to Arbitrary File Read (BAC) |
ArtiBot | Missing Authorization (BAC) to Settings Update (BAC) |
Auto Affiliate Links | Missing Authorization (BAC) via aalAddLink |
Avada Theme | Unauthenticated Sensitive Information Exposure via Form Upload (BAC) Directory Listing |
Awesome Support | Broken Access Control (BAC) |
Backuply – Backup, Restore, Migrate and Clone | Directory Traversal (BAC) |
BEAR | Broken Access Control (BAC) |
Booking Package | Price Manipulation (BAC) |
Booster Elite for WooCommerce | Arbitrary File Upload (BAC) |
BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC) |
BuddyForms | Missing Authorization (BAC) |
BuddyForms | Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) |
Build & Control Block Patterns | Missing Authorization (BAC) |
Bulgarisation for WooCommerce | Missing Authorization (BAC) |
Calendarista Basic Edition | Broken Access Control (BAC) |
Categorify | Multiple Missing Authorization (BAC) |
CGC Maintenance Mode | IP Filtering Bypass (BAC) |
Change Memory Limit | Missing Authorization (BAC) via admin_logic() |
Chauffeur Taxi Booking System for WordPress | Arbitrary File Upload (BAC) |
Church Admin | Broken Access Control (BAC) |
CM Download Manager | Download Edit (BAC) via Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Unpublish (BAC) via Cross-Site Request Forgery (CSRF) |
Colibri Page Builder | Broken Access Control (BAC) |
Colibri Page Builder | Missing Authorization (BAC) |
Coming Soon, Under Construction & Maintenance Mode By Dazzler | Maintenance Mode Bypass (BAC) |
Complianz – GDPR/CCPA Cookie Consent | Cross-Site Request Forgery (CSRF) to Data Request Deletion (BAC) |
Contests by Rewards Fuel | Cross-Site Scripting (XSS) via Update (BAC)_rewards_fuel_api_key |
Cryptocurrency Widgets – Price Ticker & Coins List | Broken Access Control (BAC) |
CubeWP – All-in-One Dynamic Content Framework | Arbitrary File Upload (BAC) |
DELUCKS SEO | Broken Access Control (BAC) |
DX-Watermark | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) and Cross-Site Scripting (XSS) |
Easy Appointments | Insufficient Authorization (BAC) |
Enjoy Social Feed plugin for WordPress website | Plugin Database Reset (BAC) |
Error Log Viewer by BestWebSoft | Directory Listing (BAC) to Private Data Exposure |
Essential Blocks for Gutenberg | Broken Access Control (BAC) |
Event Tickets | Improper Authorization (BAC) to Private Information Disclosure |
EventPrime | Multiple Missing Authorization (BAC) |
EventPrime | Multiple Missing Authorization (BAC) |
EventPrime | Multiple Missing Authorization (BAC) |
Events Manager | Broken Access Control (BAC) |
File Manager | Cross-Site Request Forgery (CSRF) to Local JS File Inclusion (BAC) |
File Manager | Directory Traversal (BAC) |
File Manager Pro | Directory Traversal (BAC) |
Finale Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
Formidable Registration | Arbitrary User Password Reset (BAC) to Account Takeover |
Graphene Theme | Missing Authorization (BAC) |
HT Easy GA4 ( Google Analytics 4 ) | Missing Authorization (BAC) to Unauthenticated GA Email Update (BAC) |
HT Mega | Directory Traversal (BAC) |
Import Export WordPress Users | Path Traversal (BAC) |
IP Blocker Lite | Bypass (BAC) |
JCH Optimize | Broken Access Control (BAC) |
Klarna Payments for WooCommerce | Broken Access Control (BAC) |
LadiApp | Missing Authorization (BAC) |
Layouts for Elementor | Arbitrary File Upload (BAC) |
Management App for WooCommerce | Arbitrary File Upload (BAC) |
Master Slider | Cross-Site Scripting (XSS) via slider callback |
MasterStudy LMS | Missing Authorization (BAC) to Sensitive Information Exposure in search_posts |
Max Mega Menu | Broken Access Control (BAC) |
Mollie Forms | Missing Authorization (BAC) to Arbitrary Post Duplication |
Mollie Forms | Missing Authorization (BAC) |
Move Addons for Elementor | Broken Access Control (BAC) |
MP3 Audio Player for Music, Radio & Podcast by Sonaar | Broken Access Control (BAC) |
Multiple Page Generator Plugin – MPG | Broken Access Control (BAC) |
Networker Theme | Missing Authorization (BAC) |
New Order Notification for Woocommerce | Broken Access Control (BAC) |
Newsletter | IP Blacklist Bypass (BAC) |
NextMove Lite | Missing Authorization (BAC) to Unauthenticated System Private Information Disclosure |
OceanWP Theme | Missing Authorization (BAC) to Sensitive Information Exposure via LimitedLocal File Inclusion (BAC) |
Olive One Click Demo Import | Broken Access Control (BAC) |
Order Tip for WooCommerce | Missing Authorization (BAC) to Unauthenticated Data Export |
Otter Blocks PRO | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Page Builder Sandwich – Front-End Page Builder | Missing Authorization (BAC) to Arbitrary Post Editing |
PageLayer | Broken Access Control (BAC) |
Permalink Manager Lite | Missing Authorization (BAC) via get_uri_editor |
Permalink Manager Lite | Missing Authorization (BAC) to Arbitrary post slug modification |
Pie Register | Unauthenticated Arbitrary File Upload (BAC) |
Play.ht | Missing Authorization (BAC) |
Pods | Missing Authorization (BAC) |
Premmerce Permalink Manager for WooCommerce | Local File Inclusion (BAC) |
Product Import Export for WooCommerce | Arbitrary File Upload (BAC) |
RegistrationMagic | Privilege Escalation (BAC) |
Restaurant Reservations | Directory Traversal (BAC) to Local File Inclusion (BAC) |
RevivePress | Missing Authorization (BAC) |
RT Easy Builder – Advanced addons for Elementor | Broken Access Control (BAC) |
Salon booking system | Arbitrary File Upload (BAC) |
Shortcode Addons | Arbitrary File Upload (BAC) |
Shortcodes and extra features for Phlox Theme | Broken Access Control (BAC) |
Shortlinks by Pretty Links | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
Simple Restrict | Missing Authorization (BAC) to Sensitive Information Exposure |
Simply Schedule Appointments | Cross-Site Request Forgery (CSRF) to Plugin Data Reset (BAC) |
Sirv | Broken Access Control (BAC) |
Sliced Invoices | Broken Access Control (BAC) |
Smart Custom Fields | Missing Authorization (BAC) to Post Content Private Information Disclosure |
Social Icons Widget & Block by WPZOOM | Broken Access Control (BAC) |
SP Project & Document Manager | Broken Access Control (BAC) to Cross-Site Scripting (XSS) |
Spiffy Calendar | Broken Access Control (BAC) |
SportsPress – Sports Club & League Manager | Missing Authorization (BAC) to Unauthenticated Event Permalink Update (BAC) |
Tainacan | Broken Access Control (BAC) |
TeraWallet – For WooCommerce | Missing Authorization (BAC) to User Email Export |
Testimonial Slider | Settings Update (BAC) |
The Plus Addons for Elementor Page Builder Lite | Local File Inclusion (BAC) |
Total Theme | Missing Authorization (BAC) to Sections Update (BAC) |
Tourfic | Arbitrary File Upload (BAC) |
Tumult Hype Animations | Arbitrary File Upload (BAC) |
Tutor LMS | Missing Authorization (BAC) to Arbitrary Post Deletion (BAC) |
Ultimate Gift Cards For WooCommerce | Missing Authorization (BAC) to Unauthenticated Information Exposure |
VS Contact Form | Captcha Bypass (BAC) |
weForms | Broken Access Control (BAC) |
Whizzy | Broken Access Control (BAC) |
WholesaleX | Broken Access Control (BAC) |
WooCommerce Add to Cart Custom Redirect | Missing Authorization (BAC) to Limited Arbitrary Options Update (BAC) |
WooCommerce Cloak Affiliate Links | Missing Authorization (BAC) to Unauthenticated Permalink Modification |
WooCommerce Clover Payment Gateway | Missing Authorization (BAC) via callback_handler |
WooCommerce Multilingual & Multicurrency | Broken Access Control (BAC) |
WP Compress – Image Optimizer [All-In-One] | Missing Authorization (BAC) to Unauthenticated CDN Modification |
WP Express Checkout (Accept PayPal Payments) | Price Manipulation (BAC) |
WP Hotel Booking | Broken Access Control (BAC) |
WP SendFox | Broken Access Control (BAC) |
Wp Social | Missing Authorization (BAC) to Unauthenticated Social Login/Share Status Update (BAC) |
WPC Management for WooCommerce | Broken Access Control (BAC) |
YITH WooCommerce Account Funds Premium | Broken Access Control (BAC) |
Zippy | Arbitrary File Upload (BAC) |
WP BAC & WordPress Broken Access Control reported in 2023: | 931 |
WP BAC & WordPress Broken Access Control reported in 2024: | 343 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC APR 2024: WP Broken Access Control Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.