Scroll Top

WP BAC SEP 2024: 176 Brutal WP Broken Access Control

By Csaba, Miklós WP Security owl WAF 17 September 2024

WP BAC SEP 2024: WP BROKEN ACCESS CONTROL

WP BAC SEP 2024

WP Broken Access Control

Tailored WordPress Security Report

Be informed about the latest WP Broken Access Control, identified and reported publicly. WP BAC SEP 2024 is a +2% INCREASE compared to previous month. Consider for your online safety, a managed WP/Woo security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.

WHO needs tailored WP security? EVERYBODY!

Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your WP BAC SEP 2024: WP Broken Access Control Patch Management.

SHOP NOW

The following cases made headlines PUBLICLY just last month in the WP Broken Access Control category:

AcyMailing SMTP Newsletter File Upload (BAC) via acym_extractArchive Function
AdRotate Double Extension File Upload (BAC)
Advanced Cron Manager – debug & control Broken Access Control (BAC)
affiliate-toolkit Unauthenticated Full Path Dislcosure (BAC)
Amelia Unauthenticated Full Path Disclosure (BAC)
AMP for WP Broken Access Control (BAC)
ARMember Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Aruba HiSpeed Cache Broken Access Control (BAC)
Asset CleanUp: Page Speed Booster Broken Access Control (BAC)
Atarim Broken Access Control (BAC)
Atarim Missing Authorization (BAC) to Settings Update (BAC)
Backup and Restore WordPress Broken Access Control (BAC)
Backup and Restore WordPress Unauthenticated Broken Access Control (BAC)
BerqWP Unauthenticated File Upload (BAC)
Bit Form – Contact Form Plugin 2.0 File Deletion (BAC)
Bit Form – Contact Form Plugin 2.0 File Read (BAC) And Deletion (BAC)
Bit Form – Contact Form Plugin 2.0 JavaScript File Upload (BAC)s
Bit Form Pro File Upload (BAC)
Bit Form Pro Plugin Settings Change (BAC)
Bit Form Pro Unauthenticated File Deletion (BAC)
Bitly Broken Access Control (BAC)
Blockbooster Theme Broken Access Control (BAC)
Blog2Social Cross-Site Scripting (XSS) via File Upload (BAC)
Blog Introduction Settings Update (BAC) via Cross-Site Request Forgery (CSRF)
Blogpoet Theme Broken Access Control (BAC)
Blox Page Builder File Upload (BAC)
BookingPress Authentication Bypass to Account Takeover (BAC)
Breakdance Missing Authorization (BAC)
Clearfy Cache Broken Access Control (BAC)
Clone Broken Access Control (BAC)
Contest Gallery Unauthenticated Comment UserID And IP address Disclosure (BAC)
CRM Perks Forms File Upload (BAC)
Depicter Slider File Upload (BAC)
Docket (WooCommerce Collections / Wishlist / Watchlist) Unauthenticated Post/Page Deletion (BAC)
Droip Settings Change (BAC)/Private Data Exposure
Droip Unauthenticated File Download/Deletion (BAC)
Easy Digital Downloads Broken Access Control (BAC)
Ebook Store Unauthenticated Full Path Disclosure (BAC)
Element Pack Elementor Addons File Read (BAC)
Enhanced Search Box Settings Update (BAC) via Cross-Site Request Forgery (CSRF)
Envira Photo Gallery Broken Access Control (BAC)
Event Espresso 4 Decaf Missing Authorization (BAC) to Plugin Settings Modification (BAC)
EventPrime Broken Access Control (BAC)
Falang multilanguage Missing Authorization (BAC) to Translation Update (BAC) and Private Information Exposure
Favicon Generator Cross-Site Request Forgery (CSRF) to File Deletion (BAC)
Favicon Generator File Upload (BAC) via Cross-Site Request Forgery (CSRF)
File Manager Pro Plugin Settings Update (BAC)
File Manager Pro File Upload (BAC)
Filter & Grids Broken Authentication (BAC)
Flash & HTML5 Video Broken Access Control (BAC)
Folders Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Fonts Broken Access Control (BAC)
FormCraft Broken Access Control (BAC)
Fota WP Theme Broken Access Control (BAC)
Funnelforms Free File Deletion (BAC)
Funnelforms Free File Upload (BAC)
Funnelforms Free Missing Authorization (BAC) to Unauthenticated Media Upload (BAC) and Deletion (BAC)
Fuse Social Floating Sidebar Cross-Site Scripting (XSS) via File Upload (BAC)
GeoDirectory Broken Access Control (BAC)
GetPaid Broken Access Control (BAC)
GiveWP Missing Authorization (BAC) to Private Information Exposure
GiveWP Missing Authorization (BAC) to Unauthenticated Event Settings Update (BAC)
GiveWP Missing Authorization (BAC) to File Deletion (BAC)
GiveWP Unauthenticated Full Path Disclosure (BAC)
Hello Agency Theme Broken Access Control (BAC)
HelloAsso Broken Access Control (BAC)
Hummingbird Broken Access Control (BAC)
HUSKY Privilege Escalation (BAC)
Icegram Collect – Easy Form, Lead Collection and Subscription plugin Broken Access Control (BAC)
ILC Thickbox Settings Update (BAC) via Cross-Site Request Forgery (CSRF)
ImageRecycle pdf & image compression Missing Authorization (BAC) in Several AJAX Actions
infolinks Ad Wrap Cross-Site Request Forgery (CSRF) to Settings Update (BAC)
InPost for WooCommerce Unauthenticated File Read (BAC)/Delete (BAC)
InPost PL Unauthenticated File Read (BAC)/Delete (BAC)
JetFormBuilder Privilege Escalation (BAC)
JobSearch Unauthenticated Account Takeover (BAC)
JobSearch Broken Access Control (BAC)
JobSearch Broken Access Control (BAC)
JoomSport Broken Access Control (BAC)
JS Help Desk – Best Help Desk & Support Plugin Broken Access Control (BAC)
Leopard – WordPress offload media Plugin Settings Change (BAC)
Linkify Text Unauthenticated Full Path Disclosure (BAC)
LiteSpeed Cache Unauthenticated Privilege Escalation (BAC)
Login As Users Broken Authentication (BAC)
Login As Users Broken Access Control (BAC) to Account Takeover (BAC)
Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid Cross-Site Scripting (XSS) via SVG File Upload (BAC)
LWS Affiliation Broken Access Control (BAC)
MainWP Child Reports Cross-Site Request Forgery (CSRF) to Options Update (BAC)
Masteriyo – LMS Broken Access Control (BAC)
Masteriyo – LMS Broken Access Control (BAC)
MaxButtons Full Path Disclosure (BAC)
Media Library Assistant File Upload (BAC) via mla-inline-edit-Upload (BAC)-scripts AJAX Action
Media Library Folders Missing Authorization (BAC) on Various Functions
Memberpress Broken Access Control (BAC)
Meta Box – WordPress Custom Fields Framework Broken Access Control (BAC)
Metform Elementor Contact Form Builder Unauthenticated Double-Extension File Upload (BAC)
Misiek Photo Album Album Deletion (BAC) via Cross-Site Request Forgery (CSRF)
Mollie Payments for WooCommerce Unauthenticated Full Path Disclosure (BAC)
MP3 Audio Player for Music, Radio & Podcast by Sonaar Missing Authorization (BAC) to File Deletion (BAC)
MStore API Authentication Bypass to Account Takeover (BAC)
My Custom CSS PHP & ADS Unauthenticated Full Path Disclosure (BAC)
Newsletters Unauthenticated Full Path Disclosure (BAC)
Newspack Broken Access Control (BAC)
Ninja Tables Cross-Site Scripting (XSS) via SVG File Upload (BAC)
No Update Nag Unauthenticated Full Path Disclosure (BAC)
Obfuscate Email Unauthenticated Full Path Disclosure (BAC)
oik File Deletion (BAC)
Opal Membership Information Disclosure (BAC)
Orbit Fox by ThemeIsle Cross-Site Scripting (XSS) via SVG File Upload (BAC)
Orchid Store Theme Missing Authorization (BAC) to Plugin Activation (BAC)
Order Tracking Broken Access Control (BAC)
Oxygen Builder Missing Authorization (BAC) to Stylesheet Update (BAC)
PDF Builder for WPForms Unauthenticated Full Path Disclosure (BAC)
Permalink Manager Lite Missing Authorization (BAC) to Unauthenticated Private Information Exposure
Persian WooCommerce Broken Access Control (BAC)
Photo Engine Broken Access Control (BAC)
Plugin Notes Plus Content Deletion (BAC)
Premium Addons for Elementor Missing Authorization (BAC) to Content Deletion (BAC) and Title Update (BAC)
Presto Player Broken Access Control (BAC)
Print Barcode Labels for your WooCommerce products/orders Broken Access Control (BAC)
Recipe Card Blocks for Gutenberg & Elementor Broken Access Control (BAC)
Registrations for the Events Calendar Broken Access Control (BAC)
Responsive Lightbox Cross-Site Scripting (XSS) via File Upload (BAC)
Responsive Lightbox Broken Access Control (BAC)
Reveal Template Unauthenticated Full Path Disclosure (BAC)
Reviews Feed Missing Authorization (BAC) to Settings Update (BAC)
ReviewX Broken Access Control (BAC)
ReviveNews Theme Broken Access Control (BAC)
Robin image optimizer Broken Access Control (BAC)
Send Emails with Mandrill Broken Access Control (BAC)
Sign-up Sheets Broken Access Control (BAC)
Sirv Missing Authorization (BAC) to File Upload (BAC)
Slider by Soliloquy Broken Access Control (BAC) to Cross-Site Scripting (XSS)
Smart Online Order for Clover Broken Access Control (BAC)
Smart Online Order for Clover Missing Authorization (BAC) to Plugin Deactivation and Data Deletion (BAC)
Social Slider Feed Broken Access Control (BAC)
Sunshine Photo Cart Broken Access Control (BAC)
Superfly Menu Cross-Site Request Forgery (CSRF) to File Deletion (BAC)
Sync Post With Other Site Missing Authorization (BAC) to Post Creation and Update (BAC)
TemplateSpare Missing Authorization (BAC) to Theme Update (BAC)
Theme My Login Cross-Site Request Forgery (CSRF) to Settings Update (BAC)
Themify Builder Missing Authorization (BAC) to Post Duplication
The Plus Addons for Elementor Page Builder Lite Broken Access Control (BAC)
The Post Grid Information Disclosure (BAC)
Timetics Broken Access Control (BAC)
TrueBooker Settings Update (BAC) via Cross-Site Request Forgery (CSRF)
Tutor LMS Broken Access Control (BAC)
Tutor LMS Pro Missing Authorization (BAC) to Insecure Direct Object Reference
TypeSquare Webfonts Broken Access Control (BAC)
Ultimate Membership Pro Unauthenticated Privilege Escalation (BAC)
UsersWP Users Information Disclosure (BAC)
UsersWP Broken Access Control (BAC)
Visual Sound (old) Settings Update (BAC) via Cross-Site Request Forgery (CSRF)
Waitlist Woocommerce ( Back in stock notifier ) Broken Access Control (BAC)
WHMpress Settings Change (BAC)
Woffice Theme Unauthenticated Privilege Escalation (BAC)
WooCommerce Google Feed Manager Missing Authorization (BAC) to Feed Actions
WooCommerce Google Feed Manager Missing Authorization (BAC) to File Deletion (BAC)
WooCommerce PDF Vouchers Unauthenticated File Deletion (BAC)
WooCommerce Social Login Authentication Bypass to Account Takeover (BAC)
WOOCS – WooCommerce Currency Switcher Broken Access Control (BAC)
WordPress File Upload Broken Access Control (BAC)
WordPress File Upload Unauthenticated Cross-Site Scripting (XSS) via SVG File Upload (BAC)
WP Accessibility Helper (WAH) Missing Authorization (BAC) to Settings Update (BAC)
WPC Frequently Bought Together for WooCommerce Broken Access Control (BAC)
WP Crowdfunding Settings Change (BAC)
WP Fundraising Donation and Crowdfunding Platform Privilege Escalation (BAC)
WP Search Analytics Broken Access Control (BAC)
WP SMS Broken Access Control (BAC)
WP Social Feed Gallery Broken Access Control (BAC)
WP Testimonial Widget Missing Authorization (BAC)
WpTravelly Broken Access Control (BAC)
YARPP Broken Access Control (BAC)
YayExtra Unauthenticated File Upload (BAC) via handle_Upload (BAC)_file Function
Z Y N I T H Unauthenticated Option Deletion (BAC)
Z Y N I T H Unauthenticated Plugin Settings Change (BAC)
WP BAC & WordPress Broken Access Control reported in 2023: 931
WP BAC & WordPress Broken Access Control reported in 2024: 1239
WHO needs tailored WP Maintenance? EVERYBODY!

Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP BAC SEP 2024: WP Broken Access Control Patch Management.

BUY NOW
Security is not a single-task job

Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.

ORDER NOW

Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Broken Access Control audit! Decide after you compare RISK + IMPACT versus COST.

Related Posts

BROKEN ACCESS CONTROL
54 Broken Access Control MAY 2023 Vulnerabilities
23 May 2023
BROKEN ACCESS CONTROL
WP BAC JUN 2024: 113 Brutal WP Broken Access Control
11 Jun 2024
BROKEN ACCESS CONTROL
BAC DEC 2023: 239 Broken Access Control DEC 2023 Hack
14 Dec 2023
BROKEN ACCESS CONTROL
BAC OCT 2023: 69 Broken Access Control OCT 2023 Hack
16 Oct 2023
BROKEN ACCESS CONTROL
WP BAC JUL 2024: 163 Brutal WP Broken Access Control
11 Jul 2024
BROKEN ACCESS CONTROL
71 Broken Access Control JUN 2023 Vulnerabilities
27 Jun 2023
BROKEN ACCESS CONTROL
BAC SEP 2023: 81 Broken Access Control SEP 2023 Hack
14 Sep 2023
BROKEN ACCESS CONTROL
BAC AUG 2023: 71 Broken Access Control AUG 2023
17 Aug 2023
BROKEN ACCESS CONTROL
WP BAC AUG 2024: 172 Brutal WP Broken Access Control
15 Aug 2024
BROKEN ACCESS CONTROL
Brutal WP BAC JAN 2024: 117 WP Broken Access Control
18 Jan 2024
BROKEN ACCESS CONTROL
39 Broken Access Control MAR 2023 Vulnerabilities
27 Mar 2023
BROKEN ACCESS CONTROL
Brutal WP BAC APR 2024: 130 WP Broken Access Control
11 Apr 2024
BROKEN ACCESS CONTROL
25 Broken Access Control FEB 2023
23 Feb 2023
BROKEN ACCESS CONTROL
Brutal WP BAC FEB 2024: 93 WP Broken Access Control
14 Feb 2024
BROKEN ACCESS CONTROL
Brutal WP BAC MAR 2024: 120 WP Broken Access Control
12 Mar 2024
owlpower.eu
owlpower.eu
owlpower.eu
16+ years of owlsome experience
We're on an empowering mission for website owners, who desire not to be transformed forcefully into IT experts.