WP CSRF AUG 2024
WP Cross-Site Request Forgery
Tailored Woo/WP Security Report
Stay informed about the latest WP Cross-Site Request Forgery vulnerabilities, identified and reported publicly. As these WP CSRF AUG 2024 vulnerabilities have a severe negative impact on the security of any WordPress site, consider our security audit.
This is a +57% INCREASE compared to the previous month in specifically targeted Cross-Site Request Forgeries. For your online safety, consider a tailored WP/Woo Security AUDIT - OR - switching to a TOP10LIST alternative WP Security Plugin - OR - hiring professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats to your WordPress site. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF AUG 2024 & WP Cross-Site Request Forgery category:
Advanced AJAX Page Loader | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
Affiliate Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Affiliate Manager | Profile Update (BAC) via Cross-Site Request Forgery (CSRF) |
Affiliate Manager | Affiliate Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
Animated Rotating Words | Cross-Site Request Forgery (CSRF) |
ArtPlacer Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Ashe Theme | Cross-Site Request Forgery (CSRF) |
Attachment File Icons | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
Bard Theme | Cross-Site Request Forgery (CSRF) |
Blocksy Theme | Cross-Site Request Forgery (CSRF) |
BuddyBoss Theme | Cross-Site Request Forgery (CSRF) |
CM Email Registration Blacklist and Whitelist | Add/Delete Emails via Cross-Site Request Forgery (CSRF): add and delete any item from blacklist/whitelist |
CM On Demand Search And Replace | Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF) |
Comment Reply Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Community Events | Event Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
Conditional Fields for Contact Form | Cross-Site Request Forgery (CSRF) to Plugin Setting Reset (BAC) |
Construction Landing Page Theme | Cross-Site Request Forgery (CSRF) |
Contact Form Summary and Print | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Cooked | Multiple Cross-Site Request Forgery (CSRF) |
Event post | Cross-Site Request Forgery (CSRF) |
Event Tickets | Cross-Site Request Forgery (CSRF) |
Floating Social Buttons | Cross-Site Request Forgery (CSRF) |
Generate PDF using Contact Form | Cross-Site Request Forgery (CSRF) to Arbitrary File Deletion (BAC) |
Generate PDF using Contact Form | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
Google Adsense & Banner Ads by AdsforWP | Cross-Site Request Forgery (CSRF) |
Hestia Theme | Cross-Site Request Forgery (CSRF) |
Highlight Theme | Cross-Site Request Forgery (CSRF) |
Himer Theme | Multiple Cross-Site Request Forgery (CSRF) |
HTML Forms | Bulk Delete via Cross-Site Request Forgery (CSRF) |
iamaze Theme | Cross-Site Request Forgery (CSRF) |
Internal Link Juicer: SEO Auto Linker for WordPress | Cross-Site Request Forgery (CSRF) |
itransform Theme | Cross-Site Request Forgery (CSRF) |
Just Custom Fields | Cross-Site Request Forgery (CSRF) via AJAX actions |
Lawyer Landing Page Theme | Cross-Site Request Forgery (CSRF) |
Leaky Paywall | Cross-Site Request Forgery (CSRF) |
Light Poll | Poll Answers Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
ListingPro Theme | Cross-Site Request Forgery (CSRF) to Account Takeover |
LiteSpeed Cache | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Matomo Analytics | Cross-Site Request Forgery (CSRF) leading to Notice Dismissal |
MBE eShip | Cross-Site Request Forgery (CSRF) |
Metorik – Reports & Email Automation for WooCommerce | Cross-Site Request Forgery (CSRF) |
Nested Pages | Cross-Site Request Forgery (CSRF) to Local File Inclusion (LFI) |
Ninja Forms | Cross-Site Request Forgery (CSRF) |
Oceanic Theme | Cross-Site Request Forgery (CSRF) |
Pardakht Delkhah | Form Fields Reset (BAC) via Cross-Site Request Forgery (CSRF) |
Patricia Blog Theme | Cross-Site Request Forgery (CSRF) |
Patricia Lite Theme | Cross-Site Request Forgery (CSRF) |
Point Theme | Cross-Site Request Forgery (CSRF) |
Popularis Verse Theme | Cross-Site Request Forgery (CSRF) |
Posterity Theme | Cross-Site Request Forgery (CSRF) |
Pricing Table | Cross-Site Request Forgery (CSRF) via AJAX |
pzfrontendmanager | Cross-Site Request Forgery (CSRF) to change user profile picture |
Rara Business Theme | Cross-Site Request Forgery (CSRF) |
Rife Free Theme | Cross-Site Request Forgery (CSRF) |
ScrollTo Bottom | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
ScrollTo Top | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
Send email only on Reply to My Comment | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Seraphinite Accelerator (Full, premium) | Cross-Site Request Forgery (CSRF) Leading to Arbitrary File Deletion (BAC) |
sitetweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Smart Image Gallery | Update/Delete Google API Key via Cross-Site Request Forgery (CSRF) |
Smartsupp – live chat, chatbots, AI and lead generation | Cross-Site Request Forgery (CSRF) |
Snippet Shortcodes | Cross-Site Request Forgery (CSRF) |
Social Auto Poster | Cross-Site Request Forgery (CSRF) via Multiple Functions |
SociallyViral Theme | Cross-Site Request Forgery (CSRF) |
SULly | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
SULly | Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF) |
Swift Performance Lite | Cross-Site Request Forgery (CSRF) |
Taggbox | Cross-Site Request Forgery (CSRF) |
Telegram Bot & Channel | Cross-Site Request Forgery (CSRF) |
The Events Calendar | Cross-Site Request Forgery (CSRF) |
Trendy News Theme | Cross-Site Request Forgery (CSRF) |
Ultimate Auction | Cross-Site Request Forgery (CSRF) |
WordPress Cliengo Chatbot plugin | Cross-Site Request Forgery (CSRF) |
WP Ajax Contact Form | Arbitrary Email Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
WP eMember | Bulk Delete via Cross-Site Request Forgery (CSRF) |
WP eMember | Cross-Site Scripting (XSS) in Blacklist via Cross-Site Request Forgery (CSRF) |
WP eStore | Coupon Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
WP Fast Total Search | Cross-Site Request Forgery (CSRF) |
WP GoToWebinar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WPQA Builder forms Addon | Arbitrary Category and Tag Follow/Unfollow via Cross-Site Request Forgery (CSRF) |
WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 549 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need tailored WP Security and have no clue where to start? Hire an expert. Pay the price of a coffee per week or figure it out yourself.