WP CSRF AUG 2024
WP Cross-Site Request Forgery
Tailored Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF AUG 2024 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.
It is a +57% INCREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a tailored WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF AUG 2024 & WP Cross-Site Request Forgery category:
| Advanced AJAX Page Loader | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Affiliate Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Affiliate Manager | Profile Update (BAC) via Cross-Site Request Forgery (CSRF) |
| Affiliate Manager | Affiliate Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Animated Rotating Words | Cross-Site Request Forgery (CSRF) |
| ArtPlacer Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Ashe Theme | Cross-Site Request Forgery (CSRF) |
| Attachment File Icons | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Bard Theme | Cross-Site Request Forgery (CSRF) |
| Blocksy Theme | Cross-Site Request Forgery (CSRF) |
| BuddyBoss Theme Theme | Cross-Site Request Forgery (CSRF) |
| CM Email Registration Blacklist and Whitelist | Add/Delete Emails via Cross-Site Request Forgery (CSRF) Add and delete any item from blacklist/whitelist |
| CM On Demand Search And Replace | Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF) |
| Comment Reply Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Community Events | Event Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Conditional Fields for Contact Form | Cross-Site Request Forgery (CSRF) to Plugin Setting Reset (BAC) |
| Construction Landing Page Theme | Cross-Site Request Forgery (CSRF) |
| Contact Form Summary and Print | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Cooked | Multiple Cross-Site Request Forgery (CSRF) |
| Event post | Cross-Site Request Forgery (CSRF) |
| Event Tickets | Cross-Site Request Forgery (CSRF) |
| Floating Social Buttons | Cross-Site Request Forgery (CSRF) |
| Generate PDF using Contact Form | Cross-Site Request Forgery (CSRF) to Arbitrary File Deletion (BAC) |
| Generate PDF using Contact Form | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Google Adsense & Banner Ads by AdsforWP | Cross-Site Request Forgery (CSRF) |
| Hestia Theme | Cross-Site Request Forgery (CSRF) |
| Highlight Theme | Cross-Site Request Forgery (CSRF) |
| Himer Theme | Multiple Cross-Site Request Forgery (CSRF) |
| HTML Forms | Bulk Delete via Cross-Site Request Forgery (CSRF) |
| iamaze Theme | Cross-Site Request Forgery (CSRF) |
| Internal Link Juicer: SEO Auto Linker for WordPress | Cross-Site Request Forgery (CSRF) |
| itransform Theme | Cross-Site Request Forgery (CSRF) |
| Just Custom Fields | Cross-Site Request Forgery (CSRF) via AJAX actions |
| Lawyer Landing Page Theme | Cross-Site Request Forgery (CSRF) |
| Leaky Paywall | Cross-Site Request Forgery (CSRF) |
| Light Poll | Poll Answers Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| ListingPro Theme | Cross-Site Request Forgery (CSRF) to Account Takeover |
| LiteSpeed Cache | Cross-Site Request Forgery (CSRF) (CSRF) to Cross-Site Scripting (XSS) |
| Matomo Analytics | Cross-Site Request Forgery (CSRF) leading to Notice Dismissal |
| MBE eShip | Cross-Site Request Forgery (CSRF) |
| Metorik – Reports & Email Automation for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Nested Pages | Cross-Site Request Forgery (CSRF) to Local File Inclusion (LFi) |
| Ninja Forms | Cross-Site Request Forgery (CSRF) |
| Oceanic Theme | Cross-Site Request Forgery (CSRF) |
| Pardakht Delkhah | Form Fields Reset (BAC) via Cross-Site Request Forgery (CSRF) |
| Patricia Blog Theme | Cross-Site Request Forgery (CSRF) |
| Patricia Lite Theme | Cross-Site Request Forgery (CSRF) |
| Point Theme | Cross-Site Request Forgery (CSRF) |
| Popularis Verse Theme | Cross-Site Request Forgery (CSRF) |
| Posterity Theme | Cross-Site Request Forgery (CSRF) |
| Pricing Table | Cross-Site Request Forgery (CSRF) via ajax |
| pzfrontendmanager | Cross-Site Request Forgery (CSRF) change user profile picture |
| Rara Business Theme | Cross-Site Request Forgery (CSRF) |
| Rife Free Theme | Cross-Site Request Forgery (CSRF) |
| ScrollTo Bottom | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| ScrollTo Top | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Send email only on Reply to My Comment | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Seraphinite Accelerator (Full, premium) | Cross-Site Request Forgery (CSRF) Leading to Arbitrary File Deletion (BAC) |
| sitetweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Smart Image Gallery | Update/Delete Google API Key via Cross-Site Request Forgery (CSRF) |
| Smartsupp – live chat, chatbots, AI and lead generation | Cross-Site Request Forgery (CSRF) |
| Snippet Shortcodes | Cross-Site Request Forgery (CSRF) |
| Social Auto Poster | Cross-Site Request Forgery (CSRF) via Multiple Functions |
| SociallyViral Theme | Cross-Site Request Forgery (CSRF) |
| SULly | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| SULly | Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF) |
| Swift Performance Lite | Cross-Site Request Forgery (CSRF) |
| Taggbox | Cross-Site Request Forgery (CSRF) |
| Telegram Bot & Channel | Cross-Site Request Forgery (CSRF) |
| The Events Calendar | Cross-Site Request Forgery (CSRF) |
| Trendy News Theme | Cross-Site Request Forgery (CSRF) |
| Ultimate Auction | Cross-Site Request Forgery (CSRF) |
| WordPress Cliengo Chatbot plugin | Cross-Site Request Forgery (CSRF) |
| WP Ajax Contact Form | Arbitrary Email Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| WP eMember | Bulk Delete via Cross-Site Request Forgery (CSRF) |
| WP eMember | Cross-Site Scripting (XSS) in Blacklist via Cross-Site Request Forgery (CSRF) |
| WP eStore | Coupon Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| WP Fast Total Search | Cross-Site Request Forgery (CSRF) |
| WP GoToWebinar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WPQA Builder forms Addon | Arbitrary Category and Tag Follow/Unfollow via Cross-Site Request Forgery (CSRF) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 549 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
