WP CSRF MAR 2025
WP Cross-Site Request Forgery
Managed Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF MAR 2025 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.
It is a -43% DECREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a managed WP/Woo Security AUDIT, - OR - switching with a TOP10LIST alternative WP Security Plugin – OR – Hire us for your recurrent needs of managed WordPress Security and managed WooCommerce Security.
WHO needs managed WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF MAR 2025 & WP Cross-Site Request Forgery category:
| 1 Click WordPress Migration | Cross-Site Request Forgery (CSRF) to Backup Process Cancellation |
| A1POST.BG Shipping for Woo | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Add Linked Images To Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Admin Menu Manager | Cross-Site Request Forgery (CSRF) |
| All-In-One Cufon | Cross-Site Request Forgery (CSRF) |
| Apptivo Business Site CRM | Cross-Site Request Forgery (CSRF) to IP Address Block |
| Auto SEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Auto Tag Links | Cross-Site Request Forgery (CSRF) |
| Awesome Event Booking | Cross-Site Request Forgery (CSRF) |
| Blightly Explorer | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Book a Room | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| Booknetic | Cross-Site Request Forgery (CSRF) |
| BookPress – For Book Authors | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Bootstrap collapse | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Bulk Content Creator | Cross-Site Request Forgery (CSRF) |
| Car Dealer Theme | Cross-Site Request Forgery (CSRF) to User Update from update_user_profile |
| Child Themes Helper | Cross-Site Request Forgery (CSRF) to File Deletion (BAC) |
| ClickWhale | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
| Content Snippet Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom Comment Notifications | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom Links On Admin Dashboard Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| DirectoryPress Frontend | Cross-Site Request Forgery (CSRF) to Listing Status Update (BAC) |
| Disable Auto Updates | Cross-Site Request Forgery (CSRF) to Auto-update Disable |
| DSGVO All in one for WP | Cross-Site Request Forgery (CSRF) to Account Deletion (BAC) |
| DX-auto-publish | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Easy Amazon Product Information | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Easy Booked – Appointment Booking and Scheduling Management System for WordPress | Cross-Site Request Forgery (CSRF) |
| Easy Related Posts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Ecwid Shopping Cart | Cross-Site Request Forgery (CSRF) to Send Deactivation Message |
| Erima Zarinpal Donate | Cross-Site Request Forgery (CSRF) |
| F12-Profiler | Cross-Site Request Forgery (CSRF) |
| Facilita Form Tracker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Filled In | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Flexible Wishlist for WooCommerce | Cross-Site Request Forgery (CSRF) to Wishlist Creation/Modification (BAC) |
| Fontsampler | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Fyrebox Quizzes | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Glance That | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Global Meta Keyword & Description | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| GlobalQuran | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
| Houzez Property Feed | Cross-Site Request Forgery (CSRF) to Property Feed Export Deletion (BAC) |
| Indeed API | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
| Infusionsoft Analytics | Cross-Site Request Forgery (CSRF) |
| JPG, PNG Compression and Optimization | Cross-Site Request Forgery (CSRF) |
| Just Variables | Cross-Site Request Forgery (CSRF) |
| LikeBot | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| Listings for Appfolio | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| List Urls | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Login-box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| magayo Lottery Results | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| MemorialDay | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Minimum Password Strength | Cross-Site Request Forgery (CSRF) |
| Mortgage Lead Capture System | Cross-Site Request Forgery (CSRF) to Settings Reset |
| Munk Sites | Cross-Site Request Forgery (CSRF) to Plugin Installation (BAC) |
| My Login Logout Plugin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Namaste! LMS | Cross-Site Request Forgery (CSRF) |
| Naver Syndication V2 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Önceki Yazı Link | Cross-Site Request Forgery (CSRF) |
| OneStore Sites | Cross-Site Request Forgery (CSRF) to Plugin Installation (BAC) |
| On Page SEO + Whatsapp Chat Button | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Option Editor | Cross-Site Request Forgery (CSRF) to Options Update (BAC) |
| Page/Post Specific Social Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Phee's LinkPreview | Cross-Site Request Forgery (CSRF) |
| Photo Gallery ( Responsive ) | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Post Thumbs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Print PDF Generator and Publisher | Cross-Site Request Forgery (CSRF) |
| Quote Comments | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| RateMyAgent Official | Cross-Site Request Forgery (CSRF) to API Key Update |
| RAYS Grid | Cross-Site Request Forgery (CSRF) |
| Read More Copy Link | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Related Posts Line-up-Exactly by Milliard | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Reset | Cross-Site Request Forgery (CSRF) to Database Reset |
| Royal Elementor Addons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| RSS Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| School Management System – SakolaWP | Cross-Site Request Forgery (CSRF) to Exam Setting Manipulation (BAC) |
| ShopSite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Shopwarden | Cross-Site Request Forgery (CSRF) to Options Update (BAC) |
| Show notice or message on admin area | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Auto Tag | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Documentation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Google Sitemap | Cross-Site Request Forgery (CSRF) |
| Simple Responsive Menu | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple User Profile | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Smart DoFollow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Smart Maintenance & Countdown | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Songkick Concerts and Festivals | Cross-Site Request Forgery (CSRF) |
| SpeedSize Image & Video AI-Optimizer | Cross-Site Request Forgery (CSRF) to Clear Cache |
| StaffList | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Starter Templates by FancyWP | Cross-Site Request Forgery (CSRF) to Plugin Installation (BAC) |
| Style Tweaker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Subscriptions & Memberships for PayPal | Cross-Site Request Forgery (CSRF) to Post Deletion (BAC) |
| Theasys | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Theme Options Z | Cross-Site Request Forgery (CSRF) |
| TinyMCE Advanced qTranslate fix editor problems | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Tribulant Gallery Voting | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Ultimate Classified Listings | Cross-Site Request Forgery (CSRF) to Account Takeover (BAC) |
| URL-Preview-Box | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Vignette Ads | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| VikBooking Hotel Booking Engine & PMS | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
| what3words Address Field | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Wibiya Toolbar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Woocommerce – Loi Hamon | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WooCommerce Recargo de Equivalencia | Cross-Site Request Forgery (CSRF) |
| WordPress File Upload (BAC) | Cross-Site Request Forgery (CSRF) in wfu_file_details |
| WP Abstracts | Cross-Site Request Forgery (CSRF) to Account Deletion (BAC) |
| WP Admin Custom Page | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP All Import | Cross-Site Request Forgery (CSRF) to Imported Content Deletion (BAC) |
| WP All Import Pro | Cross-Site Request Forgery (CSRF) to Imported Content Deletion (BAC) |
| WP Custom Post RSS Feed | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Finance | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| WP Find Your Nearest | Cross-Site Request Forgery (CSRF) to Settings Change (BAC) |
| WP Html Page Sitemap | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Keyword Monitor | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Media Category Management | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| WP PHPList | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP-PostRatings Cheater | Cross-Site Request Forgery (CSRF) |
| WP Projects Portfolio | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| Wp Social | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| WP Social Stream | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Spell Check | Cross-Site Request Forgery (CSRF) |
| WP System Log | Cross-Site Request Forgery (CSRF) |
| WPUpper Share Buttons | Cross-Site Request Forgery (CSRF) to Custom CSS Update |
| WP Video Posts | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) |
| ZMSEO | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| 无觅相关文章插件 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 876 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2025: | 452 |
WHO needs managed WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need managed WP Security and got no clue where to start? Hire an expert. Pay a coffee per week, its cheaper than 1 hour for a freelancer.
