WP CSRF APR 2024
WP Cross-Site Request Forgery
Tailored Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF APR 2024 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.
It is a +15% INCREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a tailored WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF APR 2024 & WP Cross-Site Request Forgery category:
| All In One WP Security & Firewall | Cross-Site Request Forgery (CSRF) |
| Appointment Booking Calendar | Cross-Site Request Forgery (CSRF) appointment scheduling |
| Automatic | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
| BizPrint | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Broken Images | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Builder for WooCommerce reviews shortcodes – ReviewShort | Cross-Site Request Forgery (CSRF) |
| Bulgarisation for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Calliope Theme | Cross-Site Request Forgery (CSRF) |
| Categorify | Multiple Cross-Site Request Forgery (CSRF) |
| Change default login logo,url and title | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Church Admin | Cross-Site Request Forgery (CSRF) |
| CM Download Manager | Download Edit (BAC) via Cross-Site Request Forgery (CSRF) |
| CM Download Manager | Download Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| CM Download Manager | Download Unpublish (BAC) via Cross-Site Request Forgery (CSRF) |
| Complianz – GDPR/CCPA Cookie Consent | Cross-Site Request Forgery (CSRF) to Data Request Deletion (BAC) |
| Contests by Rewards Fuel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom WooCommerce Checkout Fields Editor | Cross-Site Request Forgery (CSRF) |
| Digits | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
| DSGVO All in one for WP | Cross-Site Request Forgery (CSRF) |
| DX-Watermark | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) and Cross-Site Scripting (XSS) |
| Easy Social Feed | Cross-Site Request Forgery (CSRF) |
| Easy Social Feed | Cross-Site Request Forgery (CSRF) |
| Easy Social Feed | Cross-Site Request Forgery (CSRF) |
| Events Manager | Cross-Site Request Forgery (CSRF) |
| Events Manager | Cross-Site Request Forgery (CSRF) |
| File Manager | Cross-Site Request Forgery (CSRF) to Local JS File Inclusion (BAC) |
| GamiPress | Cross-Site Request Forgery (CSRF) |
| HUSKY – Products Filter for WooCommerce (formerly WOOF) | Cross-Site Request Forgery (CSRF) |
| Innovs HR | Employee Creation via Cross-Site Request Forgery (CSRF) |
| LadiApp | Cross-Site Request Forgery (CSRF) |
| Landingi Landing Pages | Cross-Site Request Forgery (CSRF) |
| Live Sales Notification for Woocommerce – Woomotiv | Cross-Site Request Forgery (CSRF) via ajax_cancel_review |
| LWS Optimize | Cross-Site Request Forgery (CSRF) |
| Nictitate Theme | Cross-Site Request Forgery (CSRF) |
| Ninja Forms | Cross-Site Request Forgery (CSRF) to Publicly Accessible Form Submission Export |
| Play.ht | Cross-Site Request Forgery (CSRF) |
| Popup Cart Lite for WooCommerce | Cross-Site Request Forgery (CSRF) |
| RegistrationMagic | Cross-Site Request Forgery (CSRF) |
| Related Posts for WordPress | Cross-Site Request Forgery (CSRF) |
| Shortlinks by Pretty Links | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
| Simple Revisions Delete | Cross-Site Request Forgery (CSRF) |
| Simply Schedule Appointments | Cross-Site Request Forgery (CSRF) to Plugin Data Reset (BAC) |
| Slugs Manager | Cross-Site Request Forgery (CSRF) |
| Social Author Bio | Cross-Site Scripting (XSS) via Cross Site Request Forgery (CSRF) |
| Super Page Cache for Cloudflare | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Team Circle Image Slider With Lightbox | Cross-Site Request Forgery (CSRF) |
| Tumult Hype Animations | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Tumult Hype Animations | Cross-Site Request Forgery (CSRF) |
| Tutor LMS | Cross-Site Request Forgery (CSRF) to Plugin Deactivation and Data Erase |
| Woocommerce Social Media Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WOOCS – WooCommerce Currency Switcher | Cross-Site Request Forgery (CSRF) |
| WordPress Meta Data and Taxonomies Filter (MDTF) | Cross-Site Request Forgery (CSRF) |
| WP SMS | Cross-Site Request Forgery (CSRF) |
| WPCS | Cross-Site Request Forgery (CSRF) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 157 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
