WP CSRF JAN 2025
WP Cross-Site Request Forgery
Managed Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery vulnerabilities that have been identified and reported publicly. As these WP CSRF JAN 2025 vulnerabilities have a severe negative impact on WordPress security, consider our security audit.
This is a +5% INCREASE compared to the previous month for specifically targeted Cross-Site Request Forgeries. For your online safety, consider a managed WP/Woo Security AUDIT, OR switching to a TOP10LIST alternative WP Security Plugin, OR hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF JAN 2025 & WP Cross-Site Request Forgery category:
3DPrint Lite | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
Add image to Post | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
addWeather | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Admin Customization | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Advanced Fancybox | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
AIcomments | Cross-Site Request Forgery (CSRF) |
AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot | Cross-Site Request Forgery (CSRF) |
Amazon Product Price | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Aphorismus | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
AppMaps | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Arena.IM – Live Blogging for real-time events | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
AutoWP | Cross-Site Request Forgery (CSRF) |
Avada Theme | Cross-Site Request Forgery (CSRF) |
Bet sport Free | Cross-Site Request Forgery (CSRF) |
Category of Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CK and SyntaxHighlighter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Clickbank Storefront | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CLUEVO LMS, E-Learning Platform | Cross-Site Request Forgery (CSRF) to Module Deletion (BAC) |
CodeBard Help Desk | Cross-Site Request Forgery (CSRF) |
Contact Form 7 Dynamic Text Extension | Cross-Site Request Forgery (CSRF) |
Cost Calculator Builder | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
Country Blocker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
CRUDLab Google Plus Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
dejure.org Vernetzungsfunktion | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Display Future Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
DN Shipping by Weight for WooCommerce | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
DTC Documents | Cross-Site Request Forgery (CSRF) |
DX Dark Site | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
eCommerce Product Catalog | Cross-Site Request Forgery (CSRF) to Password Reset |
ECT Product Carousel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
ECT Social Share | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
EditionGuard for WooCommerce – eBook Sales with DRM | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
EELV Newsletter | Cross-Site Request Forgery (CSRF) |
eewee admin custom | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
Event Espresso 4 Decaf | Cross-Site Request Forgery (CSRF) |
Fancy Roller Scroller | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Flaming Forms | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Flash News / Post (Responsive) | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
Floating Video Player | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
gap-hub-user-role | Cross-Site Request Forgery (CSRF) to Broken Authentication (BAC) |
Gaxx Keywords | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Geoportail Shortcode | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
GitSync | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) |
Go Animate | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
GTPayment Donations | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Hack-Info | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Hello In All Languages | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Hestia Nginx Cache | Cross-Site Request Forgery (CSRF) |
Hive Support – WordPress Help Desk | Cross-Site Request Forgery (CSRF) |
HQ Rental Software | Cross-Site Request Forgery (CSRF) to Arbitrary Options Update (BAC) |
Increase Sociability | Cross-Site Request Forgery (CSRF) |
Insertify | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) |
Interactive UK Map | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
I Plant A Tree | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
jCarousel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Jet Footer Code | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
LeaderBoard Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Like in Vk.com | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
LionScripts: Site Maintenance & Noindex Nofollow Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Mandrill WP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Maspik – Spam blacklist | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
MDC Comment Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Metrika | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Multiple Admin Emails | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Namaste! LMS | Cross-Site Request Forgery (CSRF) |
Online Booking & Scheduling Calendar for WordPress by vcita | Cross-Site Request Forgery (CSRF) |
Onlywire Multi Autosubmitter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Paloma Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Peter’s Custom Anti-Spam | Cross-Site Request Forgery (CSRF) from cas_register_post Function |
phZoom | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Poll Maker | Cross-Site Request Forgery (CSRF) to Poll Duplication (BAC) |
Posti Shipping | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) from generate_notices_html Function |
Posti Shipping | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
Pulsating Chat Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Reactflow Visitor Recording and Heatmaps | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SearchIQ | Cross-Site Request Forgery (CSRF) |
Simple Booking Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple Redirection | Cross-Site Request Forgery (CSRF) to Arbitrary Site Redirect |
Sinking Dropdowns | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
SIP Calculator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SliceWP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
SMS for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Social Media Sharing | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Sogrid | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
SOPA Blackout | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Stop Registration Spam | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Themify Store Locator | Cross-Site Request Forgery (CSRF) |
Tidy Up | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Ui Slider Filter By Price | Cross-Site Request Forgery (CSRF) |
User Role Editor | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
Visual Recent Posts | Cross-Site Request Forgery (CSRF) |
Wayne Audio Player | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
WordPress Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP-Ban-User | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Controller | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WPC Order Notes for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Currency Exchange Rates | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Fiddle | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Flipkart Importer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP-HideThat | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WPLegalPages | Cross-Site Request Forgery (CSRF) |
Wp Login with Ajax | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Mailster | Cross-Site Request Forgery (CSRF) |
WP Nice Loader | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP System | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP微信机器人 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Wtyczka SeoPilot dla WP | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
XPD Reduce Image Filesize | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Youtube Video Grid | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 876 |
WordPress CSRF & Cross-Site Request Forgery reported in 2025: | 110 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour for a freelancer.