WP CSRF MAR 2025
WP Cross-Site Request Forgery
Managed Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery vulnerabilities, identified and reported publicly. As these WP CSRF MAR 2025 vulnerabilities have a severe negative impact on WordPress security, consider our security audit.
This is a -43% DECREASE compared to the previous month for specifically targeted Cross-Site Request Forgeries. For your online safety, consider a managed WP/Woo Security AUDIT, - OR - switching to a TOP10LIST alternative WP Security Plugin, - OR - hiring us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF MAR 2025 & WP Cross-Site Request Forgery category:
1 Click WordPress Migration | Cross-Site Request Forgery (CSRF) to Backup Process Cancellation |
A1POST.BG Shipping for Woo | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
Add Linked Images To Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Admin Menu Manager | Cross-Site Request Forgery (CSRF) |
All-In-One Cufon | Cross-Site Request Forgery (CSRF) |
Apptivo Business Site CRM | Cross-Site Request Forgery (CSRF) to IP Address Block |
Auto SEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Auto Tag Links | Cross-Site Request Forgery (CSRF) |
Awesome Event Booking | Cross-Site Request Forgery (CSRF) |
Blightly Explorer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Book a Room | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
Booknetic | Cross-Site Request Forgery (CSRF) |
BookPress – For Book Authors | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Bootstrap collapse | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Bulk Content Creator | Cross-Site Request Forgery (CSRF) |
Car Dealer Theme | Cross-Site Request Forgery (CSRF) to User Update from update_user_profile |
Child Themes Helper | Cross-Site Request Forgery (CSRF) to File Deletion (BAC) |
ClickWhale | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
Content Snippet Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Custom Comment Notifications | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Custom Links On Admin Dashboard Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
DirectoryPress Frontend | Cross-Site Request Forgery (CSRF) to Listing Status Update (BAC) |
Disable Auto Updates | Cross-Site Request Forgery (CSRF) to Auto-update Disable |
DSGVO All in one for WP | Cross-Site Request Forgery (CSRF) to Account Deletion (BAC) |
DX-auto-publish | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Easy Amazon Product Information | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Easy Booked – Appointment Booking and Scheduling Management System for WordPress | Cross-Site Request Forgery (CSRF) |
Easy Related Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Ecwid Shopping Cart | Cross-Site Request Forgery (CSRF) to Send Deactivation Message |
Erima Zarinpal Donate | Cross-Site Request Forgery (CSRF) |
F12-Profiler | Cross-Site Request Forgery (CSRF) |
Facilita Form Tracker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Filled In | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Flexible Wishlist for WooCommerce | Cross-Site Request Forgery (CSRF) to Wishlist Creation/Modification (BAC) |
Fontsampler | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Fyrebox Quizzes | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Glance That | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Global Meta Keyword & Description | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
GlobalQuran | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
Houzez Property Feed | Cross-Site Request Forgery (CSRF) to Property Feed Export Deletion (BAC) |
Indeed API | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
Infusionsoft Analytics | Cross-Site Request Forgery (CSRF) |
JPG, PNG Compression and Optimization | Cross-Site Request Forgery (CSRF) |
Just Variables | Cross-Site Request Forgery (CSRF) |
LikeBot | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Listings for Appfolio | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
List Urls | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Login-box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
magayo Lottery Results | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
MemorialDay | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Minimum Password Strength | Cross-Site Request Forgery (CSRF) |
Mortgage Lead Capture System | Cross-Site Request Forgery (CSRF) to Settings Reset |
Munk Sites | Cross-Site Request Forgery (CSRF) to Plugin Installation (BAC) |
My Login Logout Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Namaste! LMS | Cross-Site Request Forgery (CSRF) |
Naver Syndication V2 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Önceki Yazı Link | Cross-Site Request Forgery (CSRF) |
OneStore Sites | Cross-Site Request Forgery (CSRF) to Plugin Installation (BAC) |
On Page SEO + Whatsapp Chat Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Option Editor | Cross-Site Request Forgery (CSRF) to Options Update (BAC) |
Page/Post Specific Social Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Phee's LinkPreview | Cross-Site Request Forgery (CSRF) |
Photo Gallery ( Responsive ) | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
Post Thumbs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Print PDF Generator and Publisher | Cross-Site Request Forgery (CSRF) |
Quote Comments | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
RateMyAgent Official | Cross-Site Request Forgery (CSRF) to API Key Update |
RAYS Grid | Cross-Site Request Forgery (CSRF) |
Read More Copy Link | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Related Posts Line-up-Exactly by Milliard | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Reset | Cross-Site Request Forgery (CSRF) to Database Reset |
Royal Elementor Addons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
RSS Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
School Management System – SakolaWP | Cross-Site Request Forgery (CSRF) to Exam Setting Manipulation (BAC) |
ShopSite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Shopwarden | Cross-Site Request Forgery (CSRF) to Options Update (BAC) |
Show notice or message on admin area | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple Auto Tag | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple Documentation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple Google Sitemap | Cross-Site Request Forgery (CSRF) |
Simple Responsive Menu | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Simple User Profile | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Smart DoFollow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Smart Maintenance & Countdown | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Songkick Concerts and Festivals | Cross-Site Request Forgery (CSRF) |
SpeedSize Image & Video AI-Optimizer | Cross-Site Request Forgery (CSRF) to Clear Cache |
StaffList | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Starter Templates by FancyWP | Cross-Site Request Forgery (CSRF) to Plugin Installation (BAC) |
Style Tweaker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Subscriptions & Memberships for PayPal | Cross-Site Request Forgery (CSRF) to Post Deletion (BAC) |
Theasys | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Theme Options Z | Cross-Site Request Forgery (CSRF) |
TinyMCE Advanced qTranslate fix editor problems | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Tribulant Gallery Voting | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Ultimate Classified Listings | Cross-Site Request Forgery (CSRF) to Account Takeover (BAC) |
URL-Preview-Box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Vignette Ads | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
VikBooking Hotel Booking Engine & PMS | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
what3words Address Field | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Wibiya Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Woocommerce – Loi Hamon | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WooCommerce Recargo de Equivalencia | Cross-Site Request Forgery (CSRF) |
WordPress File Upload (BAC) | Cross-Site Request Forgery (CSRF) in wfu_file_details |
WP Abstracts | Cross-Site Request Forgery (CSRF) to Account Deletion (BAC) |
WP Admin Custom Page | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP All Import | Cross-Site Request Forgery (CSRF) to Imported Content Deletion (BAC) |
WP All Import Pro | Cross-Site Request Forgery (CSRF) to Imported Content Deletion (BAC) |
WP Custom Post RSS Feed | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Finance | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
WP Find Your Nearest | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
WP Html Page Sitemap | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Keyword Monitor | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Media Category Management | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
WP PHPList | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP-PostRatings Cheater | Cross-Site Request Forgery (CSRF) |
WP Projects Portfolio | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
Wp Social | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
WP Social Stream | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WP Spell Check | Cross-Site Request Forgery (CSRF) |
WP System Log | Cross-Site Request Forgery (CSRF) |
WPUpper Share Buttons | Cross-Site Request Forgery (CSRF) to Custom CSS Update |
WP Video Posts | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) |
ZMSEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
无觅相关文章插件 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 876 |
WordPress CSRF & Cross-Site Request Forgery reported in 2025: | 452 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need managed WP Security and have no clue where to start? Hire an expert. Pay a coffee per week; it's cheaper than 1 hour of a freelancer.
Not sure that our recurrent security offer is worthy of long-term consideration? Contact us today for a Cross-Site Request Forgery audit! Decide after you compare RISK + IMPACT versus COST.