WP BAC AUG 2024: 172 Brutal WP Broken Access Control

Tailored WordPress Security Report

Be informed about the latest WP Broken Access Control vulnerabilities, identified and reported publicly. WP BAC AUG 2024 is a +6% INCREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, – OR – switch to a TOP10LIST alternative WP Security Plugin, – OR – hire professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate the “gazillion” different threats against your WordPress. Keep in mind that a WAF or IPS can only block known request patterns; it cannot add the capability check or nonce a plugin is missing, so timely patching remains the primary control. Get your WP BAC AUG 2024: WP Broken Access Control Patch Management.

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

Academy LMS Broken Access Control (BAC)
Add Admin CSS Unauthenticated Full Path Disclosure (BAC)
Add Admin JavaScript Unauthenticated Full Path Disclosure (BAC)
Addonify Unauthenticated Full Path Disclosure (BAC)
Admin Post Navigation Unauthenticated Full Path Disclosure (BAC)
Admin Trim Interface Unauthenticated Full Path Disclosure (BAC)
Advanced AJAX Page Loader Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Affiliate Manager Profile Update (BAC) via Cross-Site Request Forgery (CSRF)
Affiliate Manager Affiliate Deletion (BAC) via Cross-Site Request Forgery (CSRF)
AForms Unauthenticated Full Path Disclosure (BAC)
AMP for WP Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Aramex Shipping WooCommerce Unauthenticated Full Path Disclosure (BAC)
Arconix FAQ Broken Access Control (BAC)
Arconix Shortcodes Broken Access Control (BAC)
ArtPlacer Widget Arbitrary Widget Deletion (BAC)
Atarim Broken Access Control (BAC)
aThemes Starter Sites Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Attachment File Icons Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Auto Featured Image (Auto Post Thumbnail) Broken Access Control (BAC)
Backup and Staging by WP Time Capsule Authentication Bypass and Privilege Escalation (BAC)
Bakes And Cakes Theme Broken Access Control (BAC) on Notice Dismissal
Bit Form – Contact Form Plugin Arbitrary File Upload (BAC)
BookingPress Arbitrary File Read to Arbitrary File Creation (BAC)
BookingPress Missing Authorization (BAC) to Arbitrary Options Update (BAC) and Arbitrary File Upload (BAC)
Booking Ultra Pro Missing Authorization (BAC) to Plugin Settings Updates (BAC)
BookYourTravel Theme Privilege Escalation (BAC)
Branda Unauthenticated Full Path Disclosure (BAC)
Brizy – Page Builder Arbitrary File Upload (BAC)
Brizy – Page Builder Missing Authorization (BAC) to Post Modification (BAC)
Business Card File Upload (BAC)
Business One Page Theme Broken Access Control (BAC) on Notice Dismissal
Campaign Monitor for WordPress Unauthenticated Full Path Disclosure (BAC)
Chained Quiz Broken Access Control (BAC)
Charitable Broken Access Control (BAC)
Church Admin Arbitrary File Upload (BAC)
CM On Demand Search And Replace Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF)
Comment Images Reloaded Arbitrary Media Deletion (BAC)
Community Events Event Deletion (BAC) via Cross-Site Request Forgery (CSRF)
Conditional Fields for Contact Form Cross-Site Request Forgery (CSRF) to Plugin Setting Reset (BAC)
Cost Calculator Builder Missing Authorization (BAC) to Arbitrary Content Creation (BAC)
CRM Perks Forms Broken Access Control (BAC)
CTX Feed Arbitrary Options Update (BAC)
Custom Query Blocks Broken Access Control (BAC)
Default Thumbnail Plus Arbitrary File Upload (BAC)
Duplica Missing Authorization (BAC) to Users/Posts Duplicates Creation (BAC)
Duplicator Full Path Disclosure (BAC)
EazyDocs Broken Access Control (BAC)
EleForms Broken Access Control (BAC)
Email Subscribers & Newsletters Missing Authorization (BAC)
EmbedPress Broken Access Control (BAC)
Eventin Missing Authorization (BAC) to Event Data Import
EventON Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS) and Plugin Settings Updates (BAC)
Featured Image from URL Broken Access Control (BAC)
Featured Image Generator Missing Authorization (BAC) to Images Upload (BAC)
File Manager Advanced Shortcode Arbitrary File Upload (BAC)
Funnel Builder for WordPress by FunnelKit Cross-Site Scripting (XSS) via SVG Upload (BAC)
Funnel Builder for WordPress by FunnelKit Missing Authorization (BAC) to Settings Update (BAC)
Generate PDF using Contact Form Cross-Site Request Forgery (CSRF) to Arbitrary File Deletion (BAC)
Generate PDF using Contact Form Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Get Better Reviews for WooCommerce Broken Access Control (BAC)
Glossary Unauthenticated Full Path Disclosure (BAC)
Gravity Forms: Multiple Form Instances Unauthenticated Full Path Disclosure (BAC)
Hide My WP Ghost Hidden Login Page Disclosure (BAC)
IgnitionDeck Missing Authorization (BAC)
IMGspider Arbitrary File Upload (BAC)
Import Spreadsheets from Microsoft Excel Arbitrary File Upload (BAC)
Insert or Embed Articulate Content into WordPress Arbitrary File Upload (BAC)
Intelligence Unauthenticated Full Path Disclosure (BAC)
iPanorama 3 WordPress Virtual Tour Builder Broken Access Control (BAC)
IQ Testimonials Unauthenticated Arbitrary File Upload (BAC)
JetThemeCore Arbitrary File Deletion (BAC)
Jobmonster Theme Unauthenticated Arbitrary File Deletion (BAC)
Jobmonster Theme Unauthenticated Privilege Escalation (BAC)
JSON API User Unauthenticated Privilege Escalation (BAC)
Just Custom Fields Missing Authorization (BAC) via AJAX actions
Keydatas Unauthenticated Arbitrary File Upload (BAC)
Language Translate Widget for WordPress – ConveyThis Nonarbitrary Options Update (BAC)
Laposta Unauthenticated Full Path Disclosure (BAC)
LearnDash LMS – Reports Missing Authorization (BAC) to Plugin Settings Update (BAC)
LearnPress Missing Authorization (BAC) to Unauthenticated User Registration Bypass
Light Poll Poll Answers Deletion (BAC) via Cross-Site Request Forgery (CSRF)
MasterStudy LMS Privilege Escalation (BAC) to Instructor
MaxiBlocks Arbitrary File Deletion (BAC)
Media Hygiene Missing Authorization (BAC) to Arbitrary Attachment Deletion (BAC)
Media.net Ads Manager Missing Authorization (BAC) to Arbitrary File Upload (BAC)
Meks Video Importer Broken Access Control (BAC)
Metro Magazine Theme Broken Access Control (BAC) on Notice Dismissal
Modern Events Calendar Arbitrary File Upload (BAC)
Modern Events Calendar Lite Arbitrary File Upload (BAC)
Motors – Car Dealer & Classified Ads Missing Authorization (BAC)
Newsmatic Theme Broken Access Control (BAC)
Newspack Content Converter Broken Access Control (BAC)
Newspack Newsletters Broken Access Control (BAC)
Noptin Broken Access Control (BAC)
One Click Close Comments Unauthenticated Full Path Disclosure (BAC)
One Click Order ReOrder Missing Authorization (BAC) to Cross-Site Scripting (XSS)
Optimize images ALT Text (alt tag) & names for SEO using AI Unauthenticated Full Path Disclosure (BAC)
Packlink PRO shipping module Broken Access Control (BAC)
Pardakht Delkhah Form Fields Reset (BAC) via Cross-Site Request Forgery (CSRF)
Payflex Payment Gateway Missing Authorization (BAC) to Order Status Update
Pie Register Missing Authorization (BAC) to Arbitrary Plugin Installation and Activation/Deactivation
Plum: Spin Wheel & Email Popup Broken Access Control (BAC)
Plum: Spin Wheel & Email Popup Broken Access Control (BAC) to Unauthenticated Cross-Site Scripting (XSS)
PowerPack for Beaver Builder Privilege Escalation (BAC)
PowerPack Pro for Elementor Privilege Escalation (BAC)
Pricing Table Missing Authorization (BAC)
Product Delivery Date for WooCommerce – Lite Broken Access Control (BAC)
Product Designer Arbitrary Content Deletion (BAC)
Product Designer Missing Authorization (BAC) to Unauthenticated Arbitrary Attachment Deletion (BAC)
Profile Builder Unauthenticated Media Upload (BAC)
ProfileGrid Broken Access Control (BAC)
ProfileGrid Privilege Escalation (BAC)
Quotes And Tips Arbitrary File Upload (BAC)
Realtyna Organic IDX plugin Arbitrary File Upload (BAC)
ReDi Restaurant Reservation Broken Access Control (BAC)
Redux Framework Unauthenticated JSON File Upload (BAC) to Cross-Site Scripting (XSS)
Responsive Image Gallery, Gallery Album Broken Access Control (BAC)
SchedulePress Unauthenticated Full Path Disclosure (BAC)
ScrollTo Bottom Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
ScrollTo Top Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Seraphinite Accelerator (Full, premium) Cross-Site Request Forgery (CSRF) Leading to Arbitrary File Deletion (BAC)
Seraphinite Post .DOCX Source Broken Access Control (BAC)
Simple Photoswipe Arbitrary Settings Update (BAC)
Sirv Missing Authorization (BAC) to Plugin Settings Update (BAC)
SiteGround Security Broken Access Control (BAC)
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer Unauthenticated Full Path Disclosure (BAC)
Social Auto Poster Arbitrary File Upload (BAC)
Social Auto Poster Missing Authorization (BAC) to Arbitrary Post Meta Update via wpw_auto_poster_update_tweet_template
Social Auto Poster Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
Social Auto Poster Missing Authorization (BAC) via Multiple Functions
Spectra Broken Access Control (BAC)
SULly Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF)
Support SVG Cross-Site Scripting (XSS) via SVG Upload (BAC)
SVG Block Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Tainacan Missing Authorization (BAC) to Arbitrary File Read
The Post Grid Broken Access Control (BAC)
Titan Antispam & Security Broken Access Control (BAC)
Tutor LMS – Migration Tool Missing Authorization (BAC) in tutor_lp_export_xml and tutor_import_from_xml
Ultimate Addons for Elementor Privilege Escalation (BAC)
Ultimate Auction Missing Authorization (BAC) to Unauthenticated Email Creation (BAC)
User Activity Log Pro Multiple Broken Access Control (BAC)
Web and WooCommerce Addons for WPBakery Builder Missing Authorization (BAC) to Plugin Settings Modification (BAC)
Wholesale Suite Broken Access Control (BAC)
Woffice Core Unauthenticated Broken Access Control (BAC)
Woocommerce OpenPos Unauthenticated Arbitrary File Deletion (BAC)
WooCommerce Product Table Lite Missing Authorization (BAC) to Cross-Site Scripting (XSS)
WordPress Cliengo Chatbot plugin Missing Authorization (BAC) to Authorized Chatbot Settings Update (BAC)
WordPress Cliengo Chatbot plugin Missing Authorization (BAC) to Unauthenticated Chatbot Settings Update (BAC)
WordPress Form Builder Plugin – Gutenberg Forms Unauthenticated Arbitrary File Upload (BAC)
WordPress Happy SCSS Compiler Compile SCSS to CSS automatically plugin Missing Authorization (BAC) to Cross-Site Scripting (XSS)
WP Accessibility Helper (WAH) Broken Access Control (BAC)
WP Ajax Contact Form Arbitrary Email Deletion (BAC) via Cross-Site Request Forgery (CSRF)
WP EasyPay Missing Authorization (BAC) to Unauthenticated Service Disconnection
WP eMember Arbitrary File Upload (BAC)
WP eStore Coupon Deletion (BAC) via Cross-Site Request Forgery (CSRF)
WP Fast Total Search Broken Access Control (BAC)
WPForms User Registration Privilege Escalation (BAC)
WP GoToWebinar Broken Access Control (BAC)
WP Links Page Missing Authorization (BAC) to Limited Image Update
WP Meteor Page Speed Optimization Topping Unauthenticated Full Path Disclosure (BAC)
WP Mobile Menu Missing Authorization (BAC) to _mobmenu_icon Post Meta Modification (BAC)
WP Popups Unauthenticated Full Path Disclosure (BAC)
WP QuickLaTeX Cross-Site Scripting (XSS) in Background Color field
WP RSS Aggregator Missing Authorization (BAC) to Feed State Update
WPS Hide Login Hidden Login Page Disclosure (BAC)
WP User Switch Privilege Escalation (BAC)
XCloner Backup, Restore and Migrate Unauthenticated Full Path Disclosure (BAC)
XPlainer WooCommerce Product FAQ Missing Authorization (BAC) to Cross-Site Scripting (XSS)
XPlainer WooCommerce Product FAQ Missing Authorization (BAC) to Settings Update (BAC)
YITH Essential Kit for WooCommerce #1 Missing Authorization (BAC) to Limited Plugin Install, Activation, and Deactivation
Youzify Broken Access Control (BAC)
Zephyr Project Manager Privilege Escalation (BAC)

WP BAC & WordPress Broken Access Control reported in 2023: 931
WP BAC & WordPress Broken Access Control reported in 2024 (year to date): 1063

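Most entries above fall into three recurring code patterns: an admin-ajax handler with no capability check and no nonce (“Missing Authorization”, “… via Cross-Site Request Forgery (CSRF)”), a REST route registered with a permissive permission callback (“Unauthenticated … Settings Update”), and a plugin file that executes when requested directly (“Unauthenticated Full Path Disclosure”). The following is an added example written for this page; it is not code from owlpower.eu or from any plugin listed above. The plugin slug `myplugin`, the option name `myplugin_settings`, the AJAX actions, the nonce action name and the REST route are all hypothetical; the WordPress functions used (`check_ajax_referer`, `current_user_can`, `wp_send_json_error`, `register_rest_route`, `wp_create_nonce`) are real core APIs.

```php
<?php
/**
 * Added example, not from owlpower.eu or any listed plugin.
 * "myplugin", "myplugin_settings", the action names and the REST route are hypothetical.
 * Each pattern is shown vulnerable first, then fixed.
 */

/* ---- 3. Direct-access guard (first statement of every plugin file) ---------- */
// Without this, a request for /wp-content/plugins/myplugin/myplugin.php runs the file
// outside WordPress; the first call to an undefined core function fatals, and with
// display_errors on the error message leaks the absolute server path.
if ( ! defined( 'ABSPATH' ) ) {
    exit;
}

/* ---- 1a. VULNERABLE admin-ajax handler -------------------------------------- */
// Hooked for logged-in users AND, via wp_ajax_nopriv_, for anonymous visitors, with no
// nonce and no capability check: anyone can POST
// action=myplugin_save_settings_vuln to /wp-admin/admin-ajax.php and overwrite the option.
add_action( 'wp_ajax_myplugin_save_settings_vuln',        'myplugin_save_settings_vuln' );
add_action( 'wp_ajax_nopriv_myplugin_save_settings_vuln', 'myplugin_save_settings_vuln' );
function myplugin_save_settings_vuln() {
    update_option( 'myplugin_settings', $_POST['settings'] ); // unauthenticated, unsanitized
    wp_send_json_success();
}

/* ---- 1b. FIXED admin-ajax handler ------------------------------------------- */
// No nopriv hook, so anonymous requests never reach the handler at all.
add_action( 'wp_ajax_myplugin_save_settings', 'myplugin_save_settings' );
function myplugin_save_settings() {
    // CSRF: the request must carry a nonce minted for this exact action
    // (wp_create_nonce( 'myplugin_save_settings' ), passed to the admin page's JS).
    // check_ajax_referer() terminates the request on failure.
    check_ajax_referer( 'myplugin_save_settings', 'nonce' );

    // Authorization: being logged in is not enough; a Subscriber must be rejected.
    // A handler that has the nonce check but not this line is the "CSRF-only" class;
    // one that has this line but not the nonce check is the "via CSRF" class.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $settings = isset( $_POST['settings'] )
        ? sanitize_text_field( wp_unslash( $_POST['settings'] ) )
        : '';
    update_option( 'myplugin_settings', $settings );
    wp_send_json_success();
}

/* ---- 2. REST route: vulnerable vs fixed permission_callback ----------------- */
add_action( 'rest_api_init', function () {
    // VULNERABLE: '__return_true' means "no authorization at all";
    // POST /wp-json/myplugin/v1/settings-vuln is open to the whole internet.
    register_rest_route( 'myplugin/v1', '/settings-vuln', array(
        'methods'             => 'POST',
        'callback'            => 'myplugin_rest_save_settings',
        'permission_callback' => '__return_true',
    ) );

    // FIXED: the permission callback enforces the capability. For cookie-authenticated
    // callers core only sets the current user when a valid X-WP-Nonce (action "wp_rest")
    // is present; without it the request is treated as anonymous and this callback
    // returns false, which also covers CSRF.
    register_rest_route( 'myplugin/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'myplugin_rest_save_settings',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'settings' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
} );

function myplugin_rest_save_settings( WP_REST_Request $request ) {
    update_option( 'myplugin_settings', $request->get_param( 'settings' ) );
    return rest_ensure_response( array( 'saved' => true ) );
}
```

When auditing a plugin for the classes listed above, grep for `wp_ajax_nopriv_`, `'__return_true'` as a `permission_callback`, and plugin files that lack the `ABSPATH` guard, then confirm each remaining handler performs both a nonce check and a `current_user_can()` check against a capability appropriate for the action, not merely `is_user_logged_in()`.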
WHO needs tailored WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free and premium modules, plus occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC AUG 2024: WP Broken Access Control Patch Management.

Security is not a single-task job

Need tailored WP Security and have no clue where to start? Hire an expert. Pay the price of a coffee per week, or figure it out yourself.

Not sure whether our recurring security offer is worth long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.