WP CSRF APR 2024
WP Cross-Site Request Forgery
Tailored Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery vulnerabilities, identified and reported publicly. As these WP CSRF APR 2024 vulnerabilities have a severe negative impact on WordPress security, consider our security audit.
This is a +15% INCREASE in specifically targeted Cross-Site Request Forgeries compared to the previous month. For your online safety, consider a tailored WP/Woo Security AUDIT – OR – switching to a TOP10LIST alternative WP Security Plugin – OR – hiring professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a “gazillion” different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF APR 2024 & WP Cross-Site Request Forgery category:
All In One WP Security & Firewall | Cross-Site Request Forgery (CSRF) |
Appointment Booking Calendar | Cross-Site Request Forgery (CSRF) appointment scheduling |
Automatic | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
BizPrint | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Broken Images | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Builder for WooCommerce reviews shortcodes – ReviewShort | Cross-Site Request Forgery (CSRF) |
Bulgarisation for WooCommerce | Cross-Site Request Forgery (CSRF) |
Calliope Theme | Cross-Site Request Forgery (CSRF) |
Categorify | Multiple Cross-Site Request Forgery (CSRF) |
Change default login logo,url and title | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Church Admin | Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Edit (BAC) via Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
CM Download Manager | Download Unpublish (BAC) via Cross-Site Request Forgery (CSRF) |
Complianz – GDPR/CCPA Cookie Consent | Cross-Site Request Forgery (CSRF) to Data Request Deletion (BAC) |
Contests by Rewards Fuel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Custom WooCommerce Checkout Fields Editor | Cross-Site Request Forgery (CSRF) |
Digits | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
DSGVO All in one for WP | Cross-Site Request Forgery (CSRF) |
DX-Watermark | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) and Cross-Site Scripting (XSS) |
Easy Social Feed | Cross-Site Request Forgery (CSRF) |
Easy Social Feed | Cross-Site Request Forgery (CSRF) |
Easy Social Feed | Cross-Site Request Forgery (CSRF) |
Events Manager | Cross-Site Request Forgery (CSRF) |
Events Manager | Cross-Site Request Forgery (CSRF) |
File Manager | Cross-Site Request Forgery (CSRF) to Local JS File Inclusion (BAC) |
GamiPress | Cross-Site Request Forgery (CSRF) |
HUSKY – Products Filter for WooCommerce (formerly WOOF) | Cross-Site Request Forgery (CSRF) |
Innovs HR | Employee Creation via Cross-Site Request Forgery (CSRF) |
LadiApp | Cross-Site Request Forgery (CSRF) |
Landingi Landing Pages | Cross-Site Request Forgery (CSRF) |
Live Sales Notification for Woocommerce – Woomotiv | Cross-Site Request Forgery (CSRF) via ajax_cancel_review |
LWS Optimize | Cross-Site Request Forgery (CSRF) |
Nictitate Theme | Cross-Site Request Forgery (CSRF) |
Ninja Forms | Cross-Site Request Forgery (CSRF) to Publicly Accessible Form Submission Export |
Play.ht | Cross-Site Request Forgery (CSRF) |
Popup Cart Lite for WooCommerce | Cross-Site Request Forgery (CSRF) |
RegistrationMagic | Cross-Site Request Forgery (CSRF) |
Related Posts for WordPress | Cross-Site Request Forgery (CSRF) |
Shortlinks by Pretty Links | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
Simple Revisions Delete | Cross-Site Request Forgery (CSRF) |
Simply Schedule Appointments | Cross-Site Request Forgery (CSRF) to Plugin Data Reset (BAC) |
Slugs Manager | Cross-Site Request Forgery (CSRF) |
Social Author Bio | Cross-Site Scripting (XSS) via Cross Site Request Forgery (CSRF) |
Super Page Cache for Cloudflare | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Team Circle Image Slider With Lightbox | Cross-Site Request Forgery (CSRF) |
Tumult Hype Animations | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tumult Hype Animations | Cross-Site Request Forgery (CSRF) |
Tutor LMS | Cross-Site Request Forgery (CSRF) to Plugin Deactivation and Data Erase |
Woocommerce Social Media Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WOOCS – WooCommerce Currency Switcher | Cross-Site Request Forgery (CSRF) |
WordPress Meta Data and Taxonomies Filter (MDTF) | Cross-Site Request Forgery (CSRF) |
WP SMS | Cross-Site Request Forgery (CSRF) |
WPCS | Cross-Site Request Forgery (CSRF) |
WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 157 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need tailored WP Security and have no clue where to start? Hire an expert. Pay the price of a coffee per week or figure it out yourself.