WP BAC JAN 2025: Brutal 219 WP Broken Access Control

WP Broken Access Control

Managed WordPress Security Report

Be informed about the latest WP Broken Access Control vulnerabilities, identified and reported publicly. WP BAC JAN 2025 is a +7% INCREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, or switch to a TOP10LIST alternative WP Security Plugin, or hire us for your recurring needs in managed WordPress Security and managed WooCommerce Security.

WHO needs managed WP security? EVERYBODY!

Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP BAC JAN 2025: WP Broken Access Control Patch Management.

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

3DPrint Lite Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
ACF City Selector Arbitrary File Upload (BAC)
Active Products Tables for WooCommerce Unauthenticated Arbitrary Shortcode Execution (BAC) from woot_get_smth
AdForest Authentication Bypass (BAC)
Advanced File Manager Arbitrary File Upload (BAC)
Advance Menu Manager Settings Change (BAC)
Agency Toolkit Privilege Escalation (BAC)
AI Magic Privilege Escalation (BAC)
AIO Contact Unauthenticated Plugin Settings Change (BAC)
AI Post Generator | AutoWriter Missing Authorization (BAC) to Post/Page Deletion (BAC)
AI Quiz Missing Authorization (BAC) to Arbitrary Options Update (BAC)
Analytify Broken Access Control (BAC)
Arabic Webfonts Broken Access Control (BAC)
Arena.IM – Live Blogging for real-time events Cross-Site Request Forgery (CSRF) to Settings Update (BAC)
ARForms Arbitrary File Read (BAC)
ARForms Plugin Settings Change (BAC)
AR For WordPress Missing Authorization (BAC) to Unauthenticated Limited File Upload (BAC)
ARMember Arbitrary Shortcode Execution (BAC)
Ashe Extra Broken Access Control (BAC)
Authors List Unauthenticated Arbitrary Shortcode Execution (BAC) from update_authors_list_ajax
Awesome Support Broken Access Control (BAC)
AyeCode Connect Broken Access Control (BAC)
Banner System Broken Access Control (BAC)
Biagiotti Membership Authentication Bypass (BAC) from biagiotti_membership_check_facebook_user
Bit Form – Contact Form Plugin Missing Authorization (BAC) to Form Submission Private Data Disclosure
Bold Page Builder Path Traversal (BAC)
Button Block Post Private Data Disclosure from Post Duplication (BAC)
Caldera SMTP Mailer Broken Access Control (BAC)
Car Dealer Broken Access Control (BAC)
CE21 Suite Privilege Escalation (BAC)
Church Admin Broken Access Control (BAC)
CLUEVO LMS, E-Learning Platform Cross-Site Request Forgery (CSRF) to Module Deletion (BAC)
CM Answers Broken Access Control (BAC)
Computer Repair Shop Account Takeover (BAC)
Computer Repair Shop Missing Authorization (BAC) to Account Takeover (BAC) + Privilege Escalation (BAC)
Contact Form by WPForms Missing Authorization (BAC) to Payment Refund and Subscription Cancellation
Contact Form, Survey & Form Builder – MightyForms Broken Access Control (BAC)
CoSchool LMS Account Takeover (BAC)
Cost Calculator Builder Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
Coupon Affiliates Unauthenticated Arbitrary Shortcode Execution (BAC) and Cross-Site Scripting (XSS)
Crafthemes Demo Import Theme Arbitrary File Upload (BAC) in process_uploaded_files
Custom Skins Contact Form 7 Missing Authorization (BAC) to Arbitrary Post Update (BAC) and Skin Creation
Database Backup Arbitrary File Read (BAC)
Data Tables Generator by Supsystic Broken Access Control (BAC)
DELUCKS SEO Arbitrary File Download (BAC)
DN Shipping by Weight for WooCommerce Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
Download Manager Broken Access Control (BAC)
Download Manager Improper Authorization (BAC) to Unauthenticated Download of Password Protected Files + Private Data
Download Manager Unauthenticated Arbitrary Shortcode Execution (BAC)
Dreamfox Media Payment gateway per Product for Woocommerce Broken Access Control (BAC)
Easy Blocks pro Broken Access Control (BAC)
Easy Digital Downloads Improper Authorization (BAC) to Paywall Bypass (BAC)
Easy Digital Downloads Arbitrary File Download (BAC)
Easy Site Importer Settings Change (BAC)
EditionGuard for WooCommerce – eBook Sales with DRM Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
eewee admin custom Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Eleblog – Elementor Blog And Magazine Addons Missing Authorization (BAC) to Deactivation Submission
Element Pack Elementor Addons Missing Authorization (BAC)
ELEX WooCommerce Dynamic Pricing and Discounts Missing Authorization (BAC)
Essential Real Estate Missing Authorization (BAC) to Information Exposure
Event Tickets with Ticket Scanner Missing Authorization (BAC) to Cross-Site Scripting (XSS)
Eyewear prescription form Arbitrary Option Update (BAC) to Privilege Escalation (BAC)
Falcon – WordPress Optimizations & Tweaks Broken Access Control (BAC)
Filebird Broken Access Control (BAC)
File Manager Pro Missing Authorization (BAC) to Filebird Plugin Installation (BAC)
Firebase OTP Authentication Account Takeover (BAC)
Flash News / Post (Responsive) Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Floating Action Buttons Broken Access Control (BAC)
FloristPress Broken Access Control (BAC)
FloristPress Nonce Leakage to Broken Access Control (BAC)
FooGallery Premium Directory Traversal (BAC)
Friends Missing Authorization (BAC)
Gaga Lite Theme Arbitrary Plugin Activation (BAC) and Deactivation (BAC) to Remote Code Execution (RCE)
gap-hub-user-role Cross-Site Request Forgery (CSRF) to Broken Authentication (BAC)
GEO my WordPress Broken Access Control (BAC)
GitSync Cross-Site Request Forgery (CSRF) to Remote Code Execution (BAC)
Gold Addons for Elementor Missing Authorization (BAC) to License Activation (BAC) and Deactivation (BAC)
Gou Manage My Account Menu Broken Access Control (BAC)
Grid Plus Unauthenticated Arbitrary Shortcode Execution (BAC) from grid_plus_load_by_category
Hash Form Missing Authorization (BAC) to Form Style Creation
HQ Rental Software Cross-Site Request Forgery (CSRF) to Arbitrary Options Update (BAC)
If Menu Missing Authorization (BAC) to License Key Update (BAC)
Import Export For WooCommerce Arbitrary File Upload (BAC)
Insertify Cross-Site Request Forgery (CSRF) to Remote Code Execution (BAC)
Job Board Manager Broken Access Control (BAC)
KH Easy User Settings Privilege Escalation (BAC)
kk Star Ratings Unauthenticated Arbitrary Shortcode Execution (BAC)
Knowledge Base documentation & wiki plugin – BasePress Missing Authorization (BAC) to Database Update (BAC)
Ksher Broken Access Control (BAC)
Leader Broken Access Control (BAC)
LifterLMS Missing Authorization (BAC) to Arbitrary Post Deletion (BAC)
ListApp Mobile Manager Account Takeover (BAC)
Login Page Styler Missing Authorization (BAC) to Privilege Escalation (BAC)
Login With OTP Authentication Bypass (BAC) from Weak OTP
Maintenance & Coming Soon Redirect Animation Missing Authorization (BAC) to Settings Update (BAC)
MainWP Child Missing Authorization (BAC) to Unauthenticated Privilege Escalation (BAC)
MarketKing Missing Authorization (BAC)
Mark New Posts Broken Access Control (BAC)
Maspik – Spam blacklist Cross-Site Request Forgery (CSRF) to Settings Change (BAC)
Member Directory and Contact Form Broken Access Control (BAC)
Memberful Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Members Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Message Filter for Contact Form 7 Broken Access Control (BAC)
Message Filter for Contact Form 7 Missing Authorization (BAC) to Filter Updates (BAC)/Deletions
Minimum and Maximum Quantity for WooCommerce Broken Access Control (BAC)
Minterpress Arbitrary Option Update (BAC) to Privilege Escalation (BAC)
MP3 Audio Player for Music, Radio & Podcast by Sonaar Broken Access Control (BAC)
MStore API HTML File Upload (BAC) (Cross-Site Scripting (XSS))
News Ticker for Elementor Broken Access Control (BAC)
New User Approve Broken Access Control (BAC)
Ninja Forms Arbitrary Shortcode Execution (BAC)
Notibar Arbitrary Shortcode Execution (BAC) from njt_nofi_text
Notibar Broken Access Control (BAC)
OAuth Single Sign On – SSO (OAuth Client) Authentication Bypass (BAC)
One Paze Theme Arbitrary Plugin Activation (BAC) and Deactivation (BAC) to Remote Code Execution (RCE)
Opt-In Downloads Arbitrary File Upload (BAC)
Order Delivery & Pickup Location Date Time Settings Change (BAC)
Page Restriction WordPress (WP) Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Paid Member Subscriptions Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Pie Register (Add on) - Social Sites Login Authentication Bypass (BAC)
Pie Register Premium Arbitrary File Upload (BAC)
Pinpoint Booking System Broken Access Control (BAC)
PixProof Broken Access Control (BAC)
PlugVersions Missing Authorization (BAC) to Arbitrary File Creation
Pojo Forms Arbitrary Shortcode Execution (BAC) from form_preview_shortcode
Poll Maker Cross-Site Request Forgery (CSRF) to Poll Duplication (BAC)
Popup Surveys & Polls for WordPress (Mare.io) Settings Change (BAC)
Posti Shipping Cross-Site Request Forgery (CSRF) to Settings Change (BAC)
PPWP – WordPress Password Protect Page Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Premium Addons for Elementor Broken Access Control (BAC)
Print Invoice & Delivery Notes for WooCommerce Missing Authorization (BAC) to Logo Deletion (BAC)
Prodigy Commerce Broken Access Control (BAC)
Projectopia Account Takeover (BAC)
Pubnews Theme Unauthenticated Arbitrary Plugin Installation (BAC)
Quietly Insights Arbitrary Option Update (BAC) to Privilege Escalation (BAC)
RapidLoad Power-Up for Autoptimize Missing Authorization (BAC) to Plugin Settings Modification (BAC) and SQL Injection (SQLi)
Restrict Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Revy Unauthenticated Arbitrary File Upload (BAC)
Royal Elementor Addons Broken Access Control (BAC)
SG Helper Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Sign In With Google Authentication Bypass (BAC) in authenticate_user
Simple Dashboard Privilege Escalation (BAC)
Simple Ecommerce Shopping Cart Missing Authorization (BAC) to Settings Update (BAC) / Data Access
Simple Link Directory Unauthenticated Arbitrary Shortcode Execution (BAC)
Simple Notification Broken Access Control (BAC)
Simple Page Access Restriction Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Simple Restrict Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
Simple User Registration Broken Access Control (BAC) on User Deletion (BAC)
Sinking Dropdowns Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
SiteOrigin Widgets Bundle Broken Access Control (BAC)
Smart Shopify Product Arbitrary Content Deletion (BAC)
SMS for Lead Capture Forms Missing Authorization (BAC) to Arbitrary Message Deletion (BAC)
Sogrid Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Spreadr Woocommerce Arbitrary Content Deletion (BAC)
Spreadr Woocommerce Broken Access Control (BAC)
SSL Wireless SMS Notification Privilege Escalation (BAC)
SV100 Companion Privilege Escalation (BAC)
SVG Shortcode Cross-Site Scripting (XSS) from SVG Upload (BAC)
Sweet Date Theme Privilege Escalation (BAC)
Termin-Kalender Broken Access Control (BAC)
Timetics Missing Authorization (BAC) to Arbitrary User Deletion (BAC)
TI WooCommerce Wishlist Missing Authorization (BAC) to Unauthenticated Plugin Setup Wizard Access
Torod Settings Change (BAC)
Traveler Missing Authorization (BAC) in Several AJAX Actions
Tutor LMS Elementor Addons Broken Access Control (BAC)
Userpro Arbitrary User Meta Update (BAC)
User Role Editor Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
vBSSO-lite Account Takeover (BAC)
VibeBP Unauthenticated Privilege Escalation (BAC)
Video & Photo Gallery for Ultimate Member Arbitrary File Upload (BAC)
Visualmodo Elements Cross-Site Scripting (XSS) from SVG File Upload (BAC)
VW Automobile Lite Theme Broken Access Control (BAC)
Wayne Audio Player Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
WC Price History for Omnibus Missing Authorization (BAC)
WDesignkit Arbitrary File Upload (BAC)
Widget Options Broken Access Control (BAC)
Woffice Theme Unauthenticated Account Takeover (BAC)
WooCommerce Basic Ordernumbers Broken Access Control (BAC)
WooCommerce PDF Vouchers Broken Authentication (BAC)
WooCommerce Point of Sale Insecure Direct Object Reference (IDOR) to Privilege Escalation (BAC) from Arbitrary User Email Change (BAC)
WoodMart Unauthenticated Arbitrary Shortcode Execution (BAC)
Wovax IDX Account Takeover (BAC)
WP BASE Booking Missing Authorization (BAC) to Private Data Information Exposure from app_export_db
WPBITS Addons For Elementor Page Builder Cross-Site Scripting (XSS) from SVG File Upload (BAC)
WPCargo Track & Trace Settings Change (BAC)
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Missing Authorization (BAC) to Whitelist Script
WP-CRM System Broken Access Control (BAC)
WP Crowdfunding Missing Authorization (BAC) to WooCommerce Installation (BAC)
WPC Shop as a Customer for WooCommerce Authentication Bypass (BAC) Due to Insufficiently Unique Key
WP Hide Security Enhancer Missing Authorization (BAC) to Unauthenticated Arbitrary File Contents Deletion (BAC)
WPLMS Arbitrary Directory Deletion (BAC)
WPLMS Arbitrary File Upload (BAC)
WPLMS Arbitrary File Upload (BAC)
WPLMS Arbitrary File Upload (BAC)
WPLMS Arbitrary File Deletion (BAC)
WPLMS Arbitrary File Upload (BAC)
WPLMS Unauthenticated Arbitrary Directory Deletion (BAC)
WPLMS Arbitrary Option Update (BAC) to Privilege Escalation (BAC)
WPLMS Unauthenticated Arbitrary File Upload (BAC)
WPLMS Unauthenticated Privilege Escalation (BAC)
WP Mailster Broken Access Control (BAC)
WP Mailster Broken Access Control (BAC)
WPMasterToolKit Arbitrary File Download (BAC)
WPMasterToolKit Arbitrary File Upload (BAC)
WP Menu Image Broken Access Control (BAC)
WPMobile.App Unauthenticated Arbitrary Shortcode Execution (BAC)
Wp NssUser Register Privilege Escalation (BAC)
WP Private Content Plus Unauthenticated Content Restriction Bypass (BAC) to Private Data Information Exposure
WP SHAPES Cross-Site Scripting (XSS) from SVG File Upload (BAC)
WPSSO Core Broken Access Control (BAC)
WP SuperBackup Multiple Broken Access Control (BAC)
WP SuperBackup Unauthenticated Arbitrary File Upload (BAC)
WP SuperBackup Unauthenticated Arbitrary File Upload (BAC)
WP SuperBackup Unauthenticated Backup File Download (BAC)
WP Travel Broken Access Control (BAC)
XML Multilanguage Sitemap Generator Broken Access Control (BAC)
Youtube Video Grid Cross-Site Request Forgery (CSRF) to Settings Change (BAC)
Zita Site Builder Arbitrary Plugin Installation (BAC) and Activation (BAC)
畅言评论系统 Broken Access Control (BAC)
WP BAC & WordPress Broken Access Control reported in 2023: 931
WP BAC & WordPress Broken Access Control reported in 2024: 2024
WP BAC & WordPress Broken Access Control reported in 2025: 219

WHO needs managed WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC JAN 2025: WP Broken Access Control Patch Management.

Security is not a single-task job

Need managed WP Security and have no clue where to start? Hire an expert. Pay the price of a coffee per week; it's cheaper than one hour of a freelancer.

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.

owlpower.eu