WP BAC OCT 2024: 97 Brutal WP Broken Access Control

Tailored WordPress Security Report

Be informed about the latest WP Broken Access Control issues, identified and reported publicly. WP BAC OCT 2024 is a 45% DECREASE compared to the previous month. For your online safety, consider a managed WP/Woo security AUDIT, OR switching to a TOP10LIST alternative WP Security Plugin, OR hiring professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate the "gazillion" different threats to your WordPress site. Get your WP BAC OCT 2024: WP Broken Access Control Patch Management.

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

ForumWP Account Takeover (BAC)
Easy Property Listings Arbitrary Contact Deletion (BAC) from Cross-Site Request Forgery (CSRF)
Contact Form 7 Campaign Monitor Extension Arbitrary File Deletion (BAC)
Advanced File Manager Arbitrary File Upload (BAC)
Bit File Manager Arbitrary File Upload (BAC)
Bit Form – Contact Form Plugin Arbitrary File Upload (BAC)
MStore API Arbitrary File Upload (BAC)
Customizer Export/Import Arbitrary File Upload (BAC) from Customization Settings Import
The Ultimate WordPress Toolkit – WP Extended Arbitrary Options Update (BAC)
WooCommerce Photo Reviews - Review Reminders - Review for Discounts Authentication Bypass (BAC) to Account Takeover (BAC) and Privilege Escalation (BAC)
Login with phone number Authorization Bypass (BAC) to Privilege Escalation (BAC)
Ads by WPQuads – Adsense Ads, Banner Ads, Popup Ads Broken Access Control (BAC)
Depicter Slider Broken Access Control (BAC)
Elementor Addon Elements Broken Access Control (BAC)
JoomSport Broken Access Control (BAC)
Joy Of Text Lite Broken Access Control (BAC)
Popup Maker Broken Access Control (BAC)
PWA for WP & AMP Broken Access Control (BAC)
Sunshine Photo Cart Broken Access Control (BAC)
Templately Broken Access Control (BAC)
Truepush Broken Access Control (BAC)
Wheel of Life Broken Access Control (BAC)
WooCommerce Multilingual & Multicurrency Broken Access Control (BAC)
WP Datepicker Broken Access Control (BAC)
WP Free SSL – Free SSL Certificate for WordPress and force HTTPS Broken Access Control (BAC)
Fluent Support Broken Access Control (BAC) on Email Verification
Stream Cross-Site Request Forgery (CSRF) to Arbitrary Options Update (BAC)
Easy PayPal Events Cross-Site Request Forgery (CSRF) to Arbitrary Post Deletion (BAC)
BA Book Everything Cross-Site Request Forgery (CSRF) to Email Address Update (BAC) /Account Takeover (BAC)
AnWP Football Leagues Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Common Tools for Site Cross-Site Scripting (XSS) from SVG File Upload (BAC)
GF Custom Style Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Graphicsly Cross-Site Scripting (XSS) from SVG File Upload (BAC)
GutenGeek Free Gutenberg Blocks for WordPress Cross-Site Scripting (XSS) from SVG File Upload (BAC)
king_IE Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Mapplic Lite Cross-Site Scripting (XSS) from SVG File Upload (BAC)
OneElements – Best Elementor Addons Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Preloader Plus - WordPress Loading Screen Plugin Cross-Site Scripting (XSS) from SVG File Upload (BAC)
Advanced File Manager File Upload (BAC)
AZIndex Index Deletion (BAC) from Cross-Site Request Forgery (CSRF)
WCFM – Frontend Manager for WooCommerce Insecure Direct Object Reference (IDOR) to Account Takeover (BAC) /Privilege Escalation (BAC)
Charitable Insecure Direct Object Reference (IDOR) to Account Takeover (BAC) and Privilege Escalation (BAC)
WP-Recall Insecure Direct Object Reference (IDOR) to Unauthenticated Arbitrary Password Update (BAC)
IP Vault – WP Firewall IP Address Spoofing to Protection Mechanism Bypass (BAC)
Limit Login Attempts Plus IP Address Spoofing to Protection Mechanism Bypass (BAC)
SAF IP Address Spoofing to Protection Mechanism Bypass (BAC)
Web Application Firewall – website security IP Address Spoofing to Protection Mechanism Bypass (BAC)
Maintenance Redirect IP Bypass (BAC)
WP Cerber Security IP Protection Bypass (BAC)
Classified Listing Missing Authorization (BAC)
EU/UK VAT Manager for WooCommerce Missing Authorization (BAC)
Form Vibes – Database Manager for Forms Missing Authorization (BAC) in Multiple Functions
Flash & HTML5 Video Missing Authorization (BAC) in multiple functions from hvp_ajax_handler
The Ultimate WordPress Toolkit – WP Extended Missing Authorization (BAC) to Admin Username Change
Revision Manager TMC Missing Authorization (BAC) to Arbitrary Email Sending
Webba Booking Missing Authorization (BAC) to CSS Settings Update (BAC)
WP Easy Gallery Missing Authorization (BAC) to Gallery Manipulation
FluentForm Missing Authorization (BAC) to Mailchimp Integration Modification
Flash & HTML5 Video Missing Authorization (BAC) to Options Update (BAC)
Amelia Missing Authorization (BAC) to Private Information Exposure
Email Subscribers & Newsletters Missing Authorization (BAC) to Private Information Exposure
Sight Missing Authorization (BAC) to Private Information Exposure in handler_post_title
Frontend Post Submission Manager Lite Missing Authorization (BAC) to Settings Update (BAC)
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins Missing Authorization (BAC) to Settings Update (BAC)
ThemeHunk Missing Authorization (BAC) to Settings Update (BAC)
Download Monitor Missing Authorization (BAC) to Shop Enable
myCred Missing Authorization (BAC) to Unauthenticated Database Upgrade
Revolut Gateway for WooCommerce Missing Authorization (BAC) to Unauthenticated Order Status Update (BAC)
EventPrime Missing Authorization (BAC) to Unauthenticated Password-Protected-Events Private Disclosure
EventPrime Missing Authorization (BAC) to Unauthenticated Private-Events Private Disclosure
Uncanny Groups for LearnDash Missing Authorization (BAC) to User Group Add
WC Marketplace Missing Authorization (BAC) to Vendor Privilege Escalation (BAC) /Account Takeover (BAC)
Geo Controller Multiple Missing Authorization (BAC)
BuddyForms Privilege Escalation (BAC)
ForumWP Privilege Escalation (BAC)
Houzez Login Register Privilege Escalation (BAC)
Houzez Theme Privilege Escalation (BAC)
Newsletters Privilege Escalation (BAC)
Post Grid and Gutenberg Blocks Privilege Escalation (BAC)
Uncanny Groups for LearnDash Privilege Escalation (BAC)
adstxt Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
DN Popup Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
Posts reminder Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
Visual Sound Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
LiteSpeed Cache Unauthenticated Account Takeover (BAC) from Cookie Leak
WooEvents Unauthenticated Arbitrary File Overwrite (BAC)
JupiterX Core Unauthenticated Arbitrary File Upload (BAC)
REST API TO MiniProgram Unauthenticated Arbitrary User Email Update (BAC) and Privilege Escalation (BAC) from Account Takeover (BAC)
JupiterX Core Unauthenticated Authentication Bypass (BAC) to Account Takeover (BAC)
Ninja Forms File Upload Extension Unauthenticated Cross-Site Scripting (XSS) from File Upload (BAC)
WP Job Portal Unauthenticated Local File Inclusion (LFI), Arbitrary Settings Update (BAC), and User Creation (BAC)
PixelYourSite PRO Unauthenticated Private Information Exposure and Log Deletion (BAC)
PixelYourSite – Your smart PIXEL (TAG) Manager Unauthenticated Private Information Exposure and Log Deletion (BAC)
Webo-facto Unauthenticated Privilege Escalation (BAC)
WPCOM Member Unauthenticated Privilege Escalation (BAC) from User Meta
WP Hardening Unauthenticated Security Feature Bypass (BAC) to Username Enumeration

WP BAC & WordPress Broken Access Control reported in 2023: 931

WP BAC & WordPress Broken Access Control reported in 2024: 1336

WHO needs tailored WP Maintenance? EVERYBODY!

Today's reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency change when critical vulnerabilities are publicly disclosed without patches. Order WP BAC OCT 2024: WP Broken Access Control Patch Management.

Security is not a single-task job

Need tailored WP Security and got no clue where to start? Hire an expert. Pay the price of a coffee per week, or figure it out yourself.

Not sure that our recurring security offer is worth long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.
