WP BAC DEC 2024: Brutal 205 WP Broken Access Control

Tailored WordPress Security Report

Be informed about the latest WP Broken Access Control issues, identified and reported publicly. WP BAC DEC 2024 is a -22% DECREASE compared to the previous month. Consider, for your online safety, a managed WP/Woo security AUDIT, – OR – switching to a TOP10LIST alternative WP Security Plugin, – OR – hiring professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP BAC DEC 2024: WP Broken Access Control Patch Management.

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

AccessPress Staple Theme Arbitrary Plugin Activation (BAC) and Deactivation (BAC) to Remote Code Execution (RCE)
Advanced Order Export For WooCommerce Unauthenticated PHP Object Injection (BAC)
Advanced Personalization PHP Object Injection (BAC)
Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One Broken Access Control (BAC)
AI Quiz Broken Access Control (BAC)
Airin Blog Theme PHP Object Injection (BAC)
AJAX Random Posts PHP Object Injection (BAC)
Alphabetical List Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
Anonymous Restricted Content Unauthenticated Content Restriction Bypass (BAC) to Private Information Exposure
AppPresser Unauthenticated Privilege Escalation (BAC) from Password Reset
Aqua SVG Sprite Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Audio Record Arbitrary File Upload (BAC)
B-Banner Slider Arbitrary File Upload (BAC)
Backup and Staging by WP Time Capsule Unauthenticated Arbitrary File Upload (BAC)
Banner System Privilege Escalation (BAC)
Bard Extra Missing Authorization (BAC) to Demo Import
BasePress Migration Tools Arbitrary File Upload (BAC)
Boat Rental Plugin for WordPress Arbitrary File Upload (BAC)
Booking & Appointment Plugin for WooCommerce Arbitrary Option Update (BAC)
Booking calendar, Appointment Booking System Unauthenticated Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Buy one click WooCommerce Missing Authorization (BAC) to Settings Export (BAC)
Buying Buddy IDX CRM Cross-Site Request Forgery (CSRF) to PHP Object Injection (BAC)
CDI Arbitrary File Upload (BAC)
CE21 Suite Missing Authorization (BAC) to Unauthenticated Plugin Settings Change (BAC)
CF7 Reply Manager Arbitrary File Upload (BAC)
Chatter Broken Access Control (BAC)
Classified Listing Arbitrary Option Update (BAC)
Clone Unauthenticated PHP Object Injection (BAC) from 'recursive_unserialized_replace'
CM Table Of Contents – WordPress TOC Plugin Settings Reset (BAC) from Cross-Site Request Forgery (CSRF)
Combo WP Rewrite Slugs Settings Change (BAC)
Computer Repair Shop Arbitrary File Upload (BAC)
Contact Form by WPForms Cross-Site Request Forgery (CSRF) to Plugin's Log Deletion (BAC)
Contact Page With Google Map Arbitrary File Deletion (BAC)
Contest Gallery Unauthenticated Arbitrary Password Reset (BAC) to Privilege Escalation (BAC) and Account Takeover (BAC)
Convert Docx2post Arbitrary File Upload (BAC)
CSV to html Arbitrary File Upload (BAC)
Customer Reviews for WooCommerce Missing Authorization (BAC) to Import Cancellation
CYAN Backup Arbitrary File Download (BAC)
Datasets Manager by Arttia Creative Arbitrary File Upload (BAC)
de:branding Privilege Escalation (BAC)
Debug Tool Unauthenticated Arbitrary File Creation (BAC)
Devexhub Gallery Arbitrary File Upload (BAC)
DigiPass Arbitrary File Download (BAC)
Do That Task Arbitrary File Upload (BAC)
Drop Shadow Boxes Arbitrary Shortcode Execution (BAC)
Easy Accordion Gutenberg Block Broken Access Control (BAC)
Easy CSV Importer BETA Arbitrary File Upload (BAC)
EleForms Missing Authorization (BAC)
Elementor – Header, Footer & Blocks Template Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Elfsight Telegram Chat CC Missing Authorization (BAC) to Cross-Site Scripting (XSS)
Essential Addons for Elementor Private Information Exposure to Privilege Escalation (BAC)
Exclusive Content Password Protect Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
External Database Based Actions Authentication Bypass (BAC)
F4 Improvements Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Fediverse Embeds Arbitrary File Upload (BAC)
File Manager Pro Arbitrary File Upload (BAC)
Floating Buttons for WooCommerce Broken Access Control (BAC)
FluentSMTP Unauthenticated PHP Object Injection (BAC)
Forms Arbitrary File Upload (BAC)
Gallerio Arbitrary File Upload (BAC)
GamiPress Unauthenticated Arbitrary Shortcode Execution (BAC) from gamipress_get_user_earnings
GEO my WordPress Arbitrary File Upload (BAC)
Geolocator PHP Object Injection (BAC)
Global Gateway e4 | Payeezy Gateway | Arbitrary File Deletion (BAC)
GPX Viewer Arbitrary File Creation (BAC)
Grid View Gallery PHP Object Injection (BAC)
Grip Theme Arbitrary Plugin Activation (BAC) and Deactivation (BAC) to Remote Code Execution (RCE)
Hacklog DownloadManager Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
Hash Elements Missing Authorization (BAC) to Unauthenticated Draft Post Title Exposure
HB AUDIO GALLERY Arbitrary File Upload (BAC)
Heateor Social Login Authentication Bypass (BAC)
Hide Links Unauthenticated Shortcode Execution (BAC)
Hive Support – WordPress Help Desk Arbitrary File Upload (BAC)
Hustle Missing Authorization (BAC) to Unauthorized Form Submission
Hustle Missing Authorization (BAC) to Unpublished Form Exposure
Image Alt Text Missing Authorization (BAC) to Image Alt Text Update (BAC)
Image Classify Arbitrary File Upload (BAC)
InPost Gallery Arbitrary Shortcode Execution (BAC) from inpost_gallery_get_shortcode_template
Instant Image Generator Arbitrary File Upload (BAC)
JetWidgets For Elementor Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Jobify - Job Board WordPress Theme Broken Access Control (BAC)
Jobify - Job Board WordPress Theme Unauthenticated Arbitrary File Read (BAC)
JobSearch Arbitrary File Upload (BAC)
JobSearch Authentication Bypass (BAC) to Account Takeover (BAC) and Privilege Escalation (BAC)
JobSearch Unauthenticated Arbitrary File Upload (BAC)
KBucket Arbitrary File Upload (BAC)
kineticPay for WooCommerce Arbitrary File Upload (BAC)
Kognetiks Chatbot for WordPress Missing Authorization (BAC) to Assistant Addition (BAC)
Kognetiks Chatbot for WordPress Missing Authorization (BAC) to Assistant Deletion (BAC)
Kognetiks Chatbot for WordPress Missing Authorization (BAC) to Assistant Update (BAC)
Kognetiks Chatbot for WordPress Cross-Site Request Forgery (CSRF) to Assistant Modification (BAC)
Leopard - WordPress offload media Missing Authorization (BAC) to Arbitrary Options Update (BAC)
Lis Video Gallery PHP Object Injection (BAC)
Lock User Account User Lock Bypass (BAC)
Loginizer Authentication Bypass (BAC)
Loginizer Security Authentication Bypass (BAC)
LSX Tour Operator Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Luna Web Radio Player Unauthenticated Arbitrary File Read (BAC)
Matix Popup Builder Arbitrary Option Update (BAC) to Privilege Escalation (BAC)
mFolio Lite Missing Authorization (BAC) to File Upload (BAC) from EXE and SVG Files
MP3 Sticky Player Unauthenticated Arbitrary File Read (BAC) and Download (BAC)
MPG Directory Traversal to File Deletion (BAC)
MultiManager WP Authentication Bypass (BAC) from User Impersonation
Music Player for Elementor – Audio Player & Podcast Player Missing Authorization (BAC) to Template Import
My Contador lesr Missing Authorization (BAC) to Unauthenticated User Registration (BAC) CSV Export (BAC)
My Geo Posts Free PHP Object Injection (BAC)
NIX Anti-Spam Light PHP Object Injection (BAC)
Opal Woo Custom Product Variation Arbitrary File Deletion (BAC)
Otter - Gutenberg Block Broken Access Control (BAC)
Otter - Gutenberg Block Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Otter - Gutenberg Block Unauthenticated Path Traversal (BAC) to Arbitrary Image View
Paid Member Subscriptions Unauthenticated Arbitrary Shortcode Execution (BAC)
Pathomation Arbitrary File Upload (BAC)
Paytium Broken Access Control (BAC)
Picsmize Arbitrary File Upload (BAC)
Pie Register Premium Broken Access Control (BAC)
Popup box Missing Authorization (BAC) to Unauthenticated Options Update (BAC)
Post From Frontend Post Deletion (BAC) from Cross-Site Request Forgery (CSRF)
PostX Missing Authorization (BAC) to Arbitrary Plugin Installation (BAC) and Activation (BAC)
Product Designer Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Product Input Fields for WooCommerce Arbitrary File Read (BAC)
ProfileGrid Missing Authorization (BAC) to Arbitrary User Meta Deletion (BAC)
ProfilePress Unauthenticated Content Restriction Bypass (BAC) to Private Information Exposure
PublishPress Revisions Missing Authorization (BAC) to Private Information Exposure
Push Notifications for WordPress by PushAssist Arbitrary File Upload (BAC)
QRMenu Restaurant QR Menu Lite PHP Object Injection (BAC)
Quick Learn PHP Object Injection (BAC)
Rank Math SEO Arbitrary htaccess Overwrite (BAC) to Remote Code Execution (RCE)
Really Simple Security Pro Account Takeover (BAC)
Really Simple Security Pro multisite Account Takeover (BAC)
Really Simple SSL Account Takeover (BAC)
Referrer Detector PHP Object Injection (BAC)
RegistrationMagic Unauthenticated Privilege Escalation (BAC) from Password Recovery
Relais 2FA Authentication Bypass (BAC)
Request a Quote for WooCommerce and Elementor Unauthenticated Arbitrary Shortcode Execution (BAC) from fire_contact_form
Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation Arbitrary File Upload (BAC)
School Management Unauthenticated Arbitrary File Upload (BAC)
Security & Malware scan by CleanTalk Authorization Bypass (BAC) from Reverse DNS Spoofing to Unauthenticated SQL Injection (SQLi)
Simple Local Avatars Missing Authorization (BAC) to User Cache Clearing
Sirv Missing Authorization (BAC) to Arbitrary Option Deletion (BAC)
SK WP Settings Backup Cross-Site Request Forgery (CSRF) to PHP Object Injection (BAC)
Sky Addons for Elementor Cross-Site Request Forgery (CSRF) to Arbitrary Options Update (BAC)
Sky Addons for Elementor Missing Authorization (BAC) to Arbitrary Options Update (BAC)
Smart Marketing SMS and Newsletters Forms Broken Access Control (BAC)
Social Login Authentication Bypass (BAC)
Spam protection, AntiSpam, FireWall by CleanTalk Authorization Bypass (BAC) from Reverse DNS Spoofing
Spam protection, AntiSpam, FireWall by CleanTalk Authorization Bypass (BAC)
Styler for Ninja Forms Arbitrary Option Deletion (BAC) from deactivate_license
Super Socializer Authentication Bypass (BAC)
Support SVG Cross-Site Scripting (XSS) from SVG File Upload (BAC)
SVG Block Cross-Site Scripting (XSS) from SVG File Upload (BAC)
System Dashboard Path Traversal (BAC)
Team Rosters PHP Object Injection (BAC)
Th Shop Mania Theme Arbitrary Plugin Installation (BAC) and Activation (BAC)
The Novel Design Store Directory Arbitrary File Upload (BAC)
Tickera Unauthenticated Arbitrary Shortcode Execution (BAC)
Top Store Theme Arbitrary Plugin Installation (BAC) and Activation (BAC)
Tumult Hype Animations Missing Authorization (BAC)
Tumult Hype Animations Arbitrary File Upload (BAC) from hypeanimations_panel Function
Tutor LMS User Registration (BAC) Setting Bypass (BAC) to Unauthorized User Registration (BAC)
Uix Slideshow Unauthenticated Arbitrary Shortcode Execution (BAC)
Ultimate Member Missing Authorization (BAC) to Arbitrary User Profile Picture Update (BAC)
Ultimate YouTube Video & Shorts Player With Vimeo Missing Authorization (BAC) to Arbitrary Playlist and Video Deletion (BAC)
Ultimate YouTube Video & Shorts Player With Vimeo Missing Authorization (BAC) to Setting Exposure
User Extra Fields Unauthenticated Arbitrary File Upload (BAC)
User Extra Fields Missing Authorization (BAC) to Privilege Escalation (BAC)
User Extra Fields Unauthenticated Arbitrary File Deletion (BAC)
User Management Arbitrary File Upload (BAC)
UserPlus Privilege Escalation (BAC)
Video Gallery for WooCommerce Missing Authorization (BAC) to Unauthenticated File Deletion (BAC)
Wawp Account Takeover (BAC)
WDES Responsive Mobile Menu PHP Object Injection (BAC)
WOLF CSV Path Traversal (BAC)
WooCommerce Product Table Lite Unauthenticated Arbitrary Shortcode Execution (BAC) & Cross-Site Scripting (XSS)
WooCommerce Report Cross-Site Request Forgery (CSRF) to Arbitrary Options Update (BAC)
WooCommerce Social Login Authentication Bypass (BAC)
WooCommerce Support Ticket System Unauthenticated Arbitrary File Deletion (BAC)
WooCommerce Support Ticket System Unauthenticated Arbitrary File Upload (BAC)
WooCommerce Upload Files Unauthenticated Arbitrary File Upload (BAC)
WOOCS – WooCommerce Currency Switcher Unauthenticated Arbitrary Shortcode Execution (BAC)
WordPress GDPR & CCPA Missing Authorization (BAC) to Unauthenticated Arbitrary User Deletion (BAC)
WordPress Video Robot - The Ultimate Video Importer Privilege Escalation (BAC) from User Meta Update (BAC)
WP Chat App Missing Authorization (BAC) to Filebird Plugin Installation (BAC)
WP Log Viewer Missing Authorization (BAC)
WP Membership Unauthenticated Arbitrary File Upload (BAC)
WP Photo Album Plus Unauthenticated Arbitrary Shortcode Execution (BAC) from getshortcodedrenderedfenodelay
WP Project Manager Insecure Direct Object Reference (IDOR) to Unauthenticated Authorization Bypass (BAC)
WP Project Manager Missing Authorization (BAC) to Project Milestone and Task Creation (BAC) and Deletion
WP Quick Setup Arbitrary Plugin and Theme Installation (BAC) to Remote Code Execution (RCE)
WP Travel Engine Missing Authorization (BAC) to Plugin Settings Update (BAC)
WP User Manager Missing Authorization (BAC) to User Meta Key Enumeration
WP User Manager Missing Authorization (BAC) to Carbon Fields Custom Sidebar Addition (BAC) and Removal
WP-Orphanage Extended Cross-Site Request Forgery (CSRF) to Orphan Account Privilege Escalation (BAC)
WPB Popup for Contact Form 7 Unauthenticated Arbitrary Shortcode Execution (BAC) from wpb_pcf_fire_contact_form
WPDash Notes Missing Authorization (BAC) to Private Information Exposure
WPGYM Missing Authorization (BAC) to Privilege Escalation (BAC)
WPGYM Unauthenticated Arbitrary File Upload (BAC)
WPLMS Theme Unauthenticated Arbitrary File Read (BAC) and Deletion (BAC)
WPvivid Backup and Migration Unauthenticated PHP Object Injection (BAC)
Writer Helper Arbitrary File Upload (BAC)
Xin Theme PHP Object Injection (BAC)
Xpresslane Fast Checkout PHP Object Injection (BAC)
XT Floating Cart for WooCommerce Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Yaad Sarig Payment Gateway For WC Missing Authorization (BAC) to Log Read (BAC) and Deletion
Zotpress Missing Authorization (BAC)

WP BAC & WordPress Broken Access Control reported in 2023: 931
WP BAC & WordPress Broken Access Control reported in 2024: 1805

WHO needs tailored WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC DEC 2024: WP Broken Access Control Patch Management.

Security is not a single-task job

Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.

Not sure that our recurring security offer is worthy of long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.

owlpower.eu