WP CSRF APR 2024
WP Cross-Site Request Forgery
Managed Woo/WP Security Report
Stay informed about the latest WP Cross-Site Request Forgery vulnerabilities that have been identified and reported publicly. As these WP CSRF APR 2024 vulnerabilities have a severe negative impact on any WordPress site's security, consider our security audit.
This is a 15% increase compared to the previous month in specifically targeted Cross-Site Request Forgeries. For your online safety, consider a managed WP/Woo Security AUDIT, OR switching to a TOP10LIST alternative WP Security Plugin, OR hiring us for your recurring needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF APR 2024 & WP Cross-Site Request Forgery category:
All In One WP Security & Firewall | Cross-Site Request Forgery (CSRF) |
Appointment Booking Calendar | Cross-Site Request Forgery (CSRF) appointment scheduling |
Automatic | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
BizPrint | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Broken Images | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Builder for WooCommerce reviews shortcodes – ReviewShort | Cross-Site Request Forgery (CSRF) |
Bulgarisation for WooCommerce | Cross-Site Request Forgery (CSRF) |
Calliope Theme | Cross-Site Request Forgery (CSRF) |
Categorify | Multiple Cross-Site Request Forgery (CSRF) |
Change default login logo,url and title | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Church Admin | Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Edit (BAC) via Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Unpublish (BAC) via Cross-Site Request Forgery (CSRF) |
Complianz – GDPR/CCPA Cookie Consent | Cross-Site Request Forgery (CSRF) to Data Request Deletion (BAC) |
Contests by Rewards Fuel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Custom WooCommerce Checkout Fields Editor | Cross-Site Request Forgery (CSRF) |
Digits | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
DSGVO All in one for WP | Cross-Site Request Forgery (CSRF) |
DX-Watermark | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) and Cross-Site Scripting (XSS) |
Easy Social Feed | Cross-Site Request Forgery (CSRF) |
Easy Social Feed | Cross-Site Request Forgery (CSRF) |
Easy Social Feed | Cross-Site Request Forgery (CSRF) |
Events Manager | Cross-Site Request Forgery (CSRF) |
Events Manager | Cross-Site Request Forgery (CSRF) |
File Manager | Cross-Site Request Forgery (CSRF) to Local JS File Inclusion (BAC) |
GamiPress | Cross-Site Request Forgery (CSRF) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Cross-Site Request Forgery (CSRF) |
Innovs HR | Employee Creation via Cross-Site Request Forgery (CSRF) |
LadiApp | Cross-Site Request Forgery (CSRF) |
Landingi Landing Pages | Cross-Site Request Forgery (CSRF) |
Live Sales Notification for Woocommerce - Woomotiv | Cross-Site Request Forgery (CSRF) via ajax_cancel_review |
LWS Optimise | Cross-Site Request Forgery (CSRF) |
Nictitate Theme | Cross-Site Request Forgery (CSRF) |
Ninja Forms | Cross-Site Request Forgery (CSRF) to Publicly Accessible Form Submission Export |
Play.ht | Cross-Site Request Forgery (CSRF) |
Popup Cart Lite for WooCommerce | Cross-Site Request Forgery (CSRF) |
RegistrationMagic | Cross-Site Request Forgery (CSRF) |
Related Posts for WordPress | Cross-Site Request Forgery (CSRF) |
Shortlinks by Pretty Links | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
Simple Revisions Delete | Cross-Site Request Forgery (CSRF) |
Simply Schedule Appointments | Cross-Site Request Forgery (CSRF) to Plugin Data Reset (BAC) |
Slugs Manager | Cross-Site Request Forgery (CSRF) |
Social Author Bio | Cross-Site Scripting (XSS) via Cross Site Request Forgery (CSRF) |
Super Page Cache for Cloudflare | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Team Circle Image Slider With Lightbox | Cross-Site Request Forgery (CSRF) |
Tumult Hype Animations | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tumult Hype Animations | Cross-Site Request Forgery (CSRF) |
Tutor LMS | Cross-Site Request Forgery (CSRF) to Plugin Deactivation and Data Erase |
Woocommerce Social Media Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WOOCS – WooCommerce Currency Switcher | Cross-Site Request Forgery (CSRF) |
WordPress Meta Data and Taxonomies Filter (MDTF) | Cross-Site Request Forgery (CSRF) |
WP SMS | Cross-Site Request Forgery (CSRF) |
WPCS | Cross-Site Request Forgery (CSRF) |
WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 157 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Request Forgery audit! Decide after you compare RISK + IMPACT versus COST.