
Brutal WP BAC MAY 2024: 272 WP Broken Access Control

Tailored WordPress Security Report

Be informed about the latest WP Broken Access Control issues, identified and reported publicly. WP BAC MAY 2024 is a +109% INCREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a “gazillion” different threats in your WordPress. Get your WP BAC MAY 2024: WP Broken Access Control Patch Management.

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

Checkout Payment Gateway for WooCommerce Missing Authorization (BAC) via sniff_ins
5 Stars Rating Funnel Arbitrary Content Deletion (BAC)
5 Stars Rating Funnel Broken Access Control (BAC)
Academy LMS Broken Access Control (BAC)
Accountra Theme Broken Access Control (BAC)
ActiveDEMAND Arbitrary File Upload (BAC)
Active Products Tables for WooCommerce Broken Access Control (BAC)
Advanced Local Pickup for WooCommerce Broken Access Control (BAC)
Advanced Local Pickup for WooCommerce Broken Access Control (BAC)
Advanced Post Block Post Grid for WordPress block editor Missing Authorization (BAC) to Information Disclosure
Advanced Search Shortcode Deletion (BAC) via Cross-Site Request Forgery (CSRF)
Advanced Testimonial Carousel for Elementor Broken Access Control (BAC)
AI Post Generator | AutoWriter Broken Access Control (BAC)
All in One Video Gallery Broken Access Control (BAC)
Althea WP Theme Broken Access Control (BAC)
Announcer – Notification & message bars Broken Access Control (BAC)
Appointment Hour Booking Captcha Bypass (BAC)
AppPresser Broken Access Control (BAC)
Arconix FAQ Broken Access Control (BAC)
Arconix Shortcodes Broken Access Control (BAC)
ARForms Arbitrary File Deletion (BAC)
ARForms Arbitrary Plugin Activation/Deactivation (BAC)
ARForms Form Builder Broken Access Control (BAC)
ARForms Form Builder Missing Authorization (BAC) to Arbitrary Option Deletion (BAC)
ARMember Broken Access Control (BAC)
Aspose.Words Exporter Broken Access Control (BAC)
Auto Poster Arbitrary File Upload (BAC)
AWP Classifieds Broken Access Control (BAC)
Backup Migration Broken Access Control (BAC)
BackWPup Unauthenticated Backup Download (BAC)
Barcode Scanner with Inventory & Order Manager Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Barcode Scanner with Inventory & Order Manager Unauthenticated Broken Access Control (BAC)
Barcode Scanner with Inventory & Order Manager Unauthenticated Privilege Escalation (BAC)
BizPrint Broken Access Control (BAC)
BookingPress Arbitrary File Upload (BAC)
Booking Ultra Pro Privilege Escalation (BAC)
Boostify Header Footer Builder for Elementor Broken Access Control (BAC)
BP Better Messages Broken Authentication (BAC)
Bricksforge Unauthenticated Arbitrary WordPress Setting Deletion (BAC)
Brite Theme Broken Access Control (BAC)
BuddyForms Arbitrary File Read (BAC) and Server-Side Request Forgery (SSRF)
Captcha by BestWebSoft Captcha Bypass (BAC)
Chauffeur Taxi Booking System for WordPress Broken Authentication (BAC)
Church Admin Arbitrary File Upload (BAC)
Church Admin Broken Access Control (BAC)
Classified Listing Missing Authorization (BAC) to Arbitrary Attachment Deletion (BAC)
Classified Listing Cross-Site Request Forgery (CSRF) to Account Takeover via rtcl_update_user_account (BAC)
Classified Listing Missing Authorization (BAC)
Client Dash Broken Access Control (BAC)
Clone Broken Access Control (BAC)
Colibri WP Theme Broken Access Control (BAC)
Contact Form & Lead Form Elementor Builder Missing Authorization (BAC)
Content Control Missing Authorization (BAC) to Private Information Exposure
Contest Gallery Arbitrary File Deletion (BAC)
Conversational Forms for ChatBot Arbitrary File Download (BAC)
CookieHub Broken Access Control (BAC)
Country State City Dropdown CF7 Missing Authorization (BAC)
Customer Reviews for WooCommerce Missing Authorization (BAC) to Arbitrary Email Sending
Customer Reviews for WooCommerce Missing Authorization (BAC) to Coupon Search
Custom Order Statuses for WooCommerce Broken Access Control (BAC)
Custom Thank You Page Customize For WooCommerce by Binary Carpenter Broken Access Control (BAC)
Dashboard Welcome for Elementor Broken Access Control (BAC)
Data Tables Generator by Supsystic Broken Access Control (BAC)
Delete Custom Fields Cross-Site Request Forgery (CSRF) to Post Meta Deletion (BAC)
Demo My WordPress Unauthenticated Privilege Escalation (BAC)
Download Manager File Password Lock Bypass (BAC)
Duplicate Post Broken Access Control (BAC)
Easy Accept Payments Broken Access Control (BAC)
Easy Property Listings Broken Access Control (BAC)
Easy Social Share Buttons Multiple Broken Access Control (BAC)
EleForms Missing Authorization (BAC) to Private Information Exposure
Element Pack Pro Arbitrary File Read (BAC) and Phar Deserialization
Elespare Missing Authorization (BAC) to Arbitrary Post Creation (BAC)
Elevate WP Theme Broken Access Control (BAC)
Email Subscribers & Newsletters Broken Access Control (BAC)
EmbedPress Broken Access Control (BAC)
EmbedPress Broken Access Control (BAC)
Enhanced Text Widget Broken Access Control (BAC)
ENL Newsletter Campaign Deletion (BAC) via Cross-Site Request Forgery (CSRF)
EnvíaloSimple Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC)
EPROLO Dropshipping Broken Access Control (BAC)
eRoom – Zoom Meetings & Webinar Missing Authorization (BAC) to Private Information Exposure
Everest Backup Arbitrary File Upload (BAC)
Evergreen Content Poster Broken Access Control (BAC)
Exclusive Addons Elementor Broken Access Control (BAC)
Fatal Error Notify Broken Access Control (BAC)
Filter Custom Fields & Taxonomies Light Broken Access Control (BAC)
Five Star Restaurant Reservations Broken Access Control (BAC)
Flexible Checkout Fields for WooCommerce Broken Access Control (BAC)
Flexible Shipping Broken Access Control (BAC)
Forminator Unauthenticated Cross-Site Scripting (XSS) via File Upload (BAC)
GG Woo Feed for WooCommerce Broken Access Control (BAC)
Giveaways and Contests by RafflePress IP Restriction Bypass (BAC)
Hugo WP Theme Broken Access Control (BAC)
Hummingbird Broken Access Control (BAC)
Image Watermark Missing Authorization (BAC) to Watermark Modification
Import XML and RSS Feeds Arbitrary File Upload (BAC)
Inline Related Posts Password Protected Post Read (BAC)
Instant Images Arbitrary Option Update (BAC) to Privilege Escalation (BAC)
InstaWP Connect Unauthenticated Arbitrary File Upload (BAC) (patch priority: high; fixed)
InstaWP Connect Broken Access Control (BAC)
Integrate Google Drive Broken Access Control (BAC)
Integrate Google Drive Broken Access Control (BAC)
Ivory Search Missing Authorization (BAC) to Index Creation (BAC)
JS Help Desk – Best Help Desk & Support Plugin Broken Access Control (BAC)
KB Support Broken Access Control (BAC)
Knowledge Base documentation & wiki plugin – BasePress Broken Access Control (BAC)
LearnPress Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Load More Anything Broken Access Control (BAC)
LoginPress Pro Captcha Bypass (BAC)
LoginPress Pro Unauthenticated License Activation/Deactivation (BAC)
Login with phone number Broken Access Control (BAC)
Login with phone number Privilege Escalation (BAC)
Maintenance Mode by helderk IP Bypass (BAC)
Master Addons for Elementor Broken Access Control (BAC) on Duplicate Post
Masteriyo LMS Privilege Escalation (BAC)
MasterStudy LMS Unauthenticated Privilege Escalation (BAC) via stm_lms_register AJAX Action
MaxGalleria Missing Authorization (BAC)
Mega Addons For Elementor Broken Access Control (BAC)
Metform Elementor Contact Form Builder Broken Access Control (BAC)
MP3 Audio Player for Music, Radio & Podcast by Sonaar Arbitrary File Download (BAC)
Multi Currency For WooCommerce Broken Access Control (BAC)
MyRewards Broken Access Control (BAC)
Newsletters Arbitrary File Upload (BAC)
News Wall Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC)
NextGEN Gallery Missing Authorization (BAC) to Unauthenticated Information Disclosure
NPS computy Results Deletion (BAC) via Cross-Site Request Forgery (CSRF)
Olive One Click Demo Import Arbitrary File Download (BAC)
Open Close WooCommerce Store Broken Access Control (BAC)
OrderConvo Unauthenticated API Access (BAC) to Arbitrary File Upload (BAC)
Order Limit for WooCommerce Broken Access Control (BAC)
Otter Gutenberg Block Limited File Upload (BAC) to Cross-Site Scripting (XSS)
Ovic Addon Toolkit Broken Access Control (BAC)
Ovic Responsive WPBakery Broken Access Control (BAC)
Page Builder: Live Composer Broken Access Control (BAC)
Pardot Broken Access Control (BAC)
Pathway Theme Broken Access Control (BAC)
Payment Gateway Based Fees and Discounts for WooCommerce Broken Access Control (BAC)
PeproDev Ultimate Invoice Broken Access Control (BAC)
Photo Gallery by 10Web Broken Access Control (BAC)
Piotnet Addons For Elementor Pro Unauthenticated Arbitrary Post/Page Deletion (BAC)
Pocket News Generator Cross-Site Request Forgery (CSRF) to Settings Update (BAC)
Podlove Podcast Publisher Broken Access Control (BAC)
Podlove Podcast Publisher Broken Access Control (BAC)
Poll Maker Missing Authorization (BAC) to Unauthenticated Private Email Enumeration
Poll Maker Missing Authorization (BAC) to Unauthenticated Cross-Site Scripting (XSS)
Pop up Broken Access Control (BAC)
Popup Anything Broken Access Control (BAC)
Popup box Missing Authorization (BAC) to Private Information Exposure
Popup by Supsystic Broken Access Control (BAC)
Post Grid Unauthenticated Password Protected Posts Access (BAC)
Post Type Builder (PTB) Arbitrary Post/Page Creation (BAC)
PostX – Gutenberg Blocks for Post Grid Post/Page Duplication (BAC)
PPOM for WooCommerce Unauthenticated Arbitrary File Upload (BAC) via ppom_upload_file
Premmerce Product Filter for WooCommerce Broken Access Control (BAC)
Prime Slider – Addons For Elementor Broken Access Control (BAC)
Prime Slider – Addons For Elementor Broken Access Control (BAC)
Print Invoice & Delivery Notes for WooCommerce Broken Access Control (BAC)
Products, Order & Customers Export for WooCommerce Broken Access Control (BAC)
Product Sort and Display for WooCommerce Missing Authorization (BAC)
Profile Builder Bypass (BAC)
ProfileGrid Group Members Limit Bypass (BAC)
ProfileGrid Missing Authorization (BAC)
PropertyHive Missing Authorization (BAC) to Arbitrary Post Deletion (BAC)
Quick Featured Images Missing Authorization (BAC) to Arbitrary Thumbnail Deletion (BAC)
Redirect Redirection Broken Access Control (BAC)
Relevanssi Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Relevanssi Premium Missing Authorization (BAC) to Unauthenticated Count Option Update (BAC)
Responsive Lightbox Broken Access Control (BAC)
Responsive Theme Missing Authorization (BAC) to HTML Injection
Restrict Content Broken Access Control (BAC)
Reviews Plus Broken Access Control (BAC)
RomethemeForm For Elementor Broken Access Control (BAC)
Royal Elementor Addons IP Bypass (BAC)
Royal Elementor Addons Unauthenticated Limited File Upload (BAC)
RSS Redirect & Feedburner Alternative Broken Access Control (BAC)
s2Member Pro Privilege Escalation (BAC)
Salon booking system Settings Update (BAC) via Cross-Site Request Forgery (CSRF)
Save as PDF plugin by Pdfcrowd Broken Access Control (BAC) to Cross-Site Scripting (XSS)
SchedulePress Broken Access Control (BAC)
Secure Copy Content Protection and Content Locking Broken Access Control (BAC)
Secure Copy Content Protection and Content Locking Broken Access Control (BAC)
Sendinblue for WooCommerce Arbitrary File Download (BAC) and Deletion (BAC)
Send PDF for Contact Form 7 Missing Authorization (BAC)
Shared Files Broken Access Control (BAC)
Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy Arbitrary Content Deletion (BAC)
Sharkdropship for AliExpress Dropship and Affiliate Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
Shortcode Addons Broken Access Control (BAC)
ShortPixel Adaptive Images Broken Access Control (BAC)
ShortPixel Critical CSS Broken Access Control (BAC)
Simple Buttons Creator Arbitrary Button Deletion (BAC) via Cross-Site Request Forgery (CSRF)
Simple Registration for WooCommerce Unauthenticated Privilege Escalation (BAC)
Sirv Arbitrary Option Update (BAC) to Privilege Escalation (BAC)
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer Missing Authorization (BAC)
Smart Forms Broken Access Control (BAC)
Smart Forms Edit Entries via Broken Access Control (BAC)
Smart Online Order for Clover Cross-Site Request Forgery (CSRF) Leading to Coupon Creation/Modification (BAC)
Smart Slider 3 Missing Authorization (BAC) to Limited File Upload (BAC)
Social Media & Share Icons Broken Access Control (BAC)
Social Pug Unauthenticated Password Protected Posts Access (BAC)
Social Share Icons & Social Share Buttons Broken Access Control (BAC)
Social Share Icons & Social Share Buttons Broken Access Control (BAC) lead to Notice Dismissal
Social Snap Broken Access Control (BAC)
Soledad Theme Broken Access Control (BAC)
Soledad Theme Unauthenticated Broken Access Control (BAC)
Speed Optimizer Broken Access Control (BAC)
SSL Mixed Content Fix Broken Access Control (BAC)
SSU Broken Access Control (BAC)
Startupzy Theme Broken Access Control (BAC)
Sticky Anything Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Subscribe2 Broken Access Control (BAC)
Support Genix Broken Access Control (BAC) lead to Arbitrary File Upload (BAC)
Template Kit – Import Cross-Site Scripting (XSS) via template Upload (BAC)
Theme My Login Broken Access Control (BAC)
Themify – WooCommerce Product Filter Filter Deletion (BAC) via Cross-Site Request Forgery (CSRF)
The Plus Blocks for Block Editor | Gutenberg Broken Access Control (BAC)
Total Poll Lite Broken Access Control (BAC)
Tracking Code Manager Broken Access Control (BAC)
TrackShip for WooCommerce Broken Access Control (BAC)
Ultimate Posts Widget Broken Access Control (BAC)
User Registration Privilege Escalation (BAC)
User Registration Missing Authorization (BAC) to Unauthenticated Media Deletion (BAC)
Vertice Theme Broken Access Control (BAC)
Vision Interactive Broken Access Control (BAC)
Vitepos Broken Access Control (BAC)
VK Block Patterns Broken Access Control (BAC)
WC Marketplace Broken Access Control (BAC)
weForms Form Submission Restriction Bypass (BAC)
Welcart e Commerce Broken Access Control (BAC)
WooCommerce Private/Draft Products Access (BAC)
WooCommerce Cart Abandonment Recovery Templates/Abandoned Orders Deletion (BAC) via Cross-Site Request Forgery (CSRF)
WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels Missing Authorization (BAC) to Unauthenticated Settings Reset
WordPress Backup & Migration Missing Authorization (BAC) to Directory Traversal
WordPress Gallery Exporter Arbitrary File Download (BAC)
WordPress Meta Data and Taxonomies Filter (MDTF) Broken Access Control (BAC)
WP2LEADS Broken Access Control (BAC)
WP Accessibility Helper (WAH) Broken Access Control (BAC)
WPC Frequently Bought Together for WooCommerce Broken Access Control (BAC)
WPC Grouped Product for WooCommerce Broken Access Control (BAC)
WP Club Manager Broken Access Control (BAC)
WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Missing Authorization (BAC) to Unauthenticated Arbitrary Post Deletion (BAC)
WP Cost Estimation & Payment Forms Builder Broken Access Control (BAC)
WP Datepicker Arbitrary Options Update (BAC) to Privilege Escalation (BAC)
wpDiscuz Cross-Site Scripting (XSS) via Uploaded Image Alternative Text (BAC)
WP Eggdrop Cross-Site Request Forgery (CSRF) to Settings Update (BAC)
WP GoToWebinar Broken Access Control (BAC)
WP LinkedIn Auto Publish Broken Access Control (BAC)
WP Lister Lite for eBay Arbitrary File Upload (BAC)
WP Page Post Widget Clone Broken Access Control (BAC)
WP Photo Album Plus Arbitrary File Upload (BAC)
WPPizza Broken Access Control (BAC)
WP Poll Maker Arbitrary File Deletion (BAC)
WP Poll Maker Arbitrary File Upload (BAC)
WP Radio – Worldwide Online Radio Stations Directory for WordPress Missing Authorization (BAC)
WP Social Comments Broken Access Control (BAC)
WP Sort Order Broken Access Control (BAC)
WP Stateless Missing Authorization (BAC) to Limited Arbitrary Options Update (BAC)
WP Time Slots Booking Form Broken Access Control (BAC)
Wp Ultimate Review Broken Access Control (BAC) on Review
WPZOOM Social Feed Widget & Block Missing Authorization (BAC) to Instagram Image Deletion (BAC)
WZone Arbitrary SQL Update (BAC) Execution
WZone Privilege Escalation (BAC)
WZone Site Wide Broken Access Control (BAC)
WZone Unauthenticated Broken Access Control (BAC)
XStore Core Limited Arbitrary File Download (BAC)
XStore Core Limited Arbitrary File Upload (BAC)
XStore Core Multiple Broken Access Control (BAC)
XStore Core Unauthenticated Privilege Escalation (BAC)
XStore Theme Arbitrary Option Update (BAC)
XStore Theme Broken Access Control (BAC)
XStore Theme Unauthenticated Broken Access Control (BAC)
Zero Spam Bypass (BAC) Spam Protection

WP BAC & WordPress Broken Access Control reported in 2023: 931
WP BAC & WordPress Broken Access Control reported in 2024: 615

WHO needs tailored WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC MAY 2024: WP Broken Access Control Patch Management.

Security is not a single-task job

Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.
