WP BAC JUN 2024
WP Broken Access Control
Managed WordPress Security Report
Be informed about the latest WP Broken Access Control vulnerabilities, identified and reported publicly. WP BAC JUN 2024 is a -58% DECREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP BAC JUN 2024: WP Broken Access Control Patch Management.
The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:
ACF Front End Editor | Missing Authorisation (BAC) to Arbitrary Content Update |
ACF On-The-Go | Missing Authorisation (BAC) to Arbitrary Content Update |
AdFoxly – Ad Manager, AdSense Ads & Ads.txt | Broken Access Control (BAC) |
Advanced Custom Fields PRO | Arbitrary Function Execution (BAC) |
AI Engine: ChatGPT Chatbot | Arbitrary File Upload (BAC) |
Aiomatic | Broken Access Control (BAC) |
All-in-One Video Gallery | Arbitrary File Upload (BAC) via featured image |
ApplyOnline – Application Form Builder and Manager | Missing Authorisation (BAC) to Private Information Exposure |
AppPresser | Improper Missing Encryption Exception Handling to Authentication Bypass (BAC) |
Back In Stock Notifier for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Base64 Encoder/Decoder | Settings Reset (BAC) via Cross-Site Request Forgery (CSRF) |
Blocksy Companion | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
BookingPress | Appointment Duration Manipulation (BAC) |
Booster for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Brizy – Page Builder | Missing Authorisation (BAC) |
Builder for WooCommerce reviews shortcodes – ReviewShort | Broken Access Control (BAC) |
Bulk Posts Editing For WordPress | Missing Authorisation (BAC) |
canvasio3D Light | Arbitrary File Upload (BAC) |
ChatBot | Missing Authorisation (BAC) via multiple functions |
ClickCease Click Fraud Protection | Improper Authorisation (BAC) to Private information exposure via get_settings |
Comparison Slider | Missing Authorisation (BAC) |
Contact Form by WPForms | Unauthenticated Price Manipulation (BAC) |
Contact Form & Lead Form Elementor Builder | Arbitrary Shortcode Execution (BAC) |
Contact List – Easy Business Directory, Staff Directory and Address Book Plugin | Broken Access Control (BAC) |
ConvertPlus | Missing Authorisation (BAC) to Limited Arbitrary Options Update |
Copymatic – AI Content Writer & Generator | Unauthenticated Arbitrary File Upload (BAC) |
Cost Calculator Builder Pro | Unauthenticated Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Crafthemes Demo Import | Arbitrary Plugin Installation (BAC) |
Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler | Broken Access Control (BAC) |
Different Menu in Different Pages | Missing Authorisation (BAC) to Menu Duplication |
Download Monitor | Missing Authorisation (BAC) |
EAN for WooCommerce | Arbitrary Option Update (BAC) to Privilege Escalation (BAC) |
Edwiser Bridge | Authentication Bypass (BAC) due to Missing Empty Value Check |
Element Pack Elementor Addons | Form Submission Admin Email Bypass (BAC) |
Email Subscribers & Newsletters | Missing Authorisation (BAC) in handle_ajax_request |
EmbedPress | Insufficient Authorisation (BAC) Checks |
Event post | Missing Authorisation (BAC) |
Fastly | Broken Access Control (BAC) |
Fastly | Broken Access Control (BAC) |
Flo Forms | Broken Access Control (BAC) |
FluentForm | Missing Authorisation (BAC) to Setting Manipulation (BAC) |
FluentForm | Missing Authorisation (BAC) to Settings Update (BAC) and Limited Privilege Escalation (BAC) |
Giveaways and Contests by RafflePress | Broken Access Control (BAC) |
Hash Form – Drag & Drop Form Builder | Unauthenticated Arbitrary File Upload (BAC) to Remote Code Execution (RCE) |
HT Mega | Missing Authorisation (BAC) to Options Update |
If-So Dynamic Content Personalization | Broken Access Control (BAC) |
Import and export users and customers | Broken Access Control (BAC) |
iPages Flipbook | Broken Access Control (BAC) |
Kognetiks Chatbot for WordPress | Arbitrary File Upload (BAC) |
LeadConnector | API Broken Access Control (BAC) |
LearnPress | Arbitrary File Upload (BAC) |
LearnPress | Unauthenticated Bypass (BAC) to User Registration |
Login with phone number | Broken Access Control (BAC) |
Login with phone number | Authentication Bypass (BAC) |
MC Woocommerce Wishlist | Broken Access Control (BAC) |
MC Woocommerce Wishlist | Broken Access Control (BAC) |
Menu Icons by ThemeIsle | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Netgsm | Broken Access Control (BAC) |
Optimole | Cross-Site Scripting (XSS) via SVG Upload (BAC) |
Orders Tracking for WooCommerce | Unauthenticated Arbitrary Shortcode Execution (BAC) |
Password Protected | Missing Authorisation (BAC) to Private Information Exposure |
Photo Gallery by 10Web | Broken Access Control (BAC) |
Pk Favicon Manager | Arbitrary File Upload (BAC) |
Post Grid Master | Broken Access Control (BAC) |
Premium Addons for Elementor | Missing Authorisation (BAC) to Private Information Disclosure |
Radio Player | Broken Access Control (BAC) |
reCAPTCHA Jetpack | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
ReviewX | Missing Authorisation (BAC) |
Serial Numbers for WooCommerce – License Manager | Broken Access Control (BAC) |
Shared Counts | Missing Authorisation (BAC) to Arbitrary Email Sending |
Shared Files | Broken Access Control (BAC) |
ShopLentor | Missing Authorisation (BAC) via purchased_new_products |
ShopLentor | Missing Authorisation (BAC) to WordPress Option Modification |
Simple Basic Contact Form | Unauthenticated Arbitrary Shortcode Execution (BAC) |
SimpleShop | Missing Authorisation (BAC) |
Slider Revolution | Unauthenticated Broken Access Control (BAC) |
Social Connect | Authentication Bypass (BAC) |
Spectra Pro | Privilege Escalation (BAC) |
SportsPress – Sports Club & League Manager | Broken Access Control (BAC) |
SP Project & Document Manager | Data Update (BAC) and File Download (BAC) via IDOR |
Startklar Elementor Addons | Unauthenticated Arbitrary File Upload (BAC) |
StopBadBots | Missing Authorisation (BAC) to Private Information Exposure |
Swift Framework | Missing Authorisation (BAC) to Unauthenticated Arbitrary Content Update |
Swift Performance Lite | Incorrect Authorisation (BAC) to Settings Modification |
Swiss Toolkit For WP | Authentication Bypass (BAC) |
Tagembed | Broken Access Control (BAC) |
Testimonial Carousel For Elementor | Missing Authorisation (BAC) to Limited Setting Update |
The Post Grid | Missing Authorisation (BAC) |
Tutor LMS | Missing Authorisation (BAC) |
Tutor LMS Pro | Missing Authorisation (BAC) |
Tutor LMS Pro | Missing Authorisation (BAC) to Privilege Escalation (BAC) |
Tutor LMS Pro | Missing Authorisation (BAC) to SQL Injection (SQLi) |
Video Gallery – Api Gallery, YouTube and Vimeo, Link Gallery | Broken Access Control (BAC) |
Video Gallery & Management | Missing Authorisation (BAC) to Arbitrary Post/Page Creation |
weDocs | Broken Access Control (BAC) |
weMail | Broken Access Control (BAC) |
White Label CMS | Missing Authorisation (BAC) to Plugin Settings Reset |
WordPress Meta Data and Taxonomies Filter (MDTF) | Arbitrary Shortcode Execution (BAC) |
WordPress Pie Register - Social Sites Login (Add on) plugin | Authentication Bypass (BAC) |
WP Compress – Image Optimiser [All-In-One] | Missing Authorisation (BAC) |
WP Discourse | Broken Access Control (BAC) |
WP Fundraising Donation and Crowdfunding Platform | Broken Access Control (BAC) |
WP Latest Posts | Arbitrary Shortcode Execution (BAC) |
WP Photo Album Plus | Unauthenticated Arbitrary Shortcode Execution (BAC) |
WP Photo Album Plus | Unauthenticated Arbitrary File Upload (BAC) |
WP Post Author | Rating Value Manipulation (BAC) |
WP Post Author | Broken Access Control (BAC) |
WP Scraper | Missing Authorisation (BAC) to Arbitrary Page/Post Creation |
WP STAGING – Backup Duplicator & Migration | Arbitrary File Upload (BAC) |
WpTravelly | Missing Authorisation (BAC) via ttbm_new_place_save |
YITH WooCommerce Gift Cards | Multiple BAC - Missing Authorisation to Unauthenticated WooCommerce Settings Update |
Yumpu ePaper publishing | Multiple BAC - Missing Authorisation, PDF Upload, Publishing, API Key Modification |
Z-Downloads | Arbitrary File Upload (BAC) |
WP BAC & WordPress Broken Access Control reported in 2023: | 931 |
WP BAC & WordPress Broken Access Control reported in 2024: | 728 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC JUN 2024: WP Broken Access Control Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour with a freelancer.
Not sure that our recurrent security offer is worth long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.
We’re passionate about helping you grow and make your impact
Continue being informed
Monthly vulnerability reports about WordPress and WooCommerce, plugins, themes.
Weekly inspiration, news and occasional hand-picked deals. Unsubscribe anytime.