WP CSRF MAY 2024
WP Cross-Site Request Forgery
Tailored Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF MAY 2024 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.
It is a +267% INCREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a tailored WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF MAY 2024 & WP Cross-Site Request Forgery category:
| Ads.txt Admin | Cross-Site Request Forgery (CSRF) |
| Advanced Search | Shortcode Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| AffiEasy | Cross-Site Request Forgery (CSRF) |
| Amelia | Cross-Site Request Forgery (CSRF) |
| AppPresser | Cross-Site Request Forgery (CSRF) |
| AppPresser | Cross-Site Request Forgery (CSRF) |
| ARForms Form Builder | Cross-Site Request Forgery (CSRF) |
| Asgaros Forum | Cross-Site Request Forgery (CSRF) |
| Automatic | Multiple Cross-Site Request Forgery (CSRF) |
| AWP Classifieds | Cross-Site Request Forgery (CSRF) |
| BEAF | Cross-Site Request Forgery (CSRF) |
| BEAR | Cross-Site Request Forgery (CSRF) |
| Before And After | Cross-Site Request Forgery (CSRF) |
| Benchmark Email Lite | Cross-Site Request Forgery (CSRF) |
| Better Chat Support | Cross-Site Request Forgery (CSRF) |
| Blocksy Companion | Cross-Site Request Forgery (CSRF) |
| Blocksy Theme | Cross-Site Request Forgery (CSRF) |
| BMI Adult & Kid Calculator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Calendarista Basic Edition | Cross-Site Request Forgery (CSRF) |
| Church Admin | Cross-Site Request Forgery (CSRF) |
| Church Content – Sermons, Events and More | Cross-Site Request Forgery (CSRF) |
| Citadela Listing | Cross-Site Request Forgery (CSRF) |
| CityLogic Theme | Cross-Site Request Forgery (CSRF) |
| Classified Listing | Cross-Site Request Forgery (CSRF) to Account Takeover via rtcl_Update (BAC)_user_account |
| ClickCease Click Fraud Protection | Cross-Site Request Forgery (CSRF) |
| CM Tooltip Glossary | Cross-Site Request Forgery (CSRF) |
| Coming Soon Page, Under Construction & Maintenance Mode by SeedProd | Cross-Site Request Forgery (CSRF) |
| Community by PeepSo | Cross-Site Request Forgery (CSRF) |
| Contact Form 7 Extension For Mailchimp | Cross-Site Request Forgery (CSRF) |
| Contact Form & Lead Form Elementor Builder | Cross-Site Request Forgery (CSRF) |
| Convert Post Types | Cross-Site Request Forgery (CSRF) |
| CP Media Player | Cross-Site Request Forgery (CSRF) |
| Crony Cronjob Manager | Cross-Site Request Forgery (CSRF) |
| Currency per Product for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Dashboard To Do List | Cross-Site Request Forgery (CSRF) |
| Decode Theme | Cross-Site Request Forgery (CSRF) |
| Default Mag Theme | Cross-Site Request Forgery (CSRF) |
| Delete Custom Fields | Cross-Site Request Forgery (CSRF) to Post Meta Deletion (BAC) |
| Digital Publications by Supsystic | Cross-Site Request Forgery (CSRF) |
| Download (BAC) IP2Location Country Blocker | Cross-Site Request Forgery (CSRF) |
| e2pdf | Cross-Site Request Forgery (CSRF) |
| Easy Digital Download (BAC)s | Cross-Site Request Forgery (CSRF) |
| Easy Google Maps | Cross-Site Request Forgery (CSRF) |
| eCommerce Product Catalog | Cross-Site Request Forgery (CSRF) |
| ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Request Forgery (CSRF) |
| ELEX WooCommerce Dynamic Pricing and Discounts | Cross-Site Request Forgery (CSRF) |
| Email Marketing for WooCommerce by Omnisend | Cross-Site Request Forgery (CSRF) |
| Emmet Lite Theme | Cross-Site Request Forgery (CSRF) |
| ENL Newsletter | Campaign Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| ENL Newsletter | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| EnvíaloSimple | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Event Manager for WooCommerce | Cross-Site Request Forgery (CSRF) |
| EWWW Image Optimizer | Cross-Site Request Forgery (CSRF) |
| Extra Product Options Builder for WooCommerce | Cross-Site Request Forgery (CSRF) |
| FameTheme Demo Importer | Cross-Site Request Forgery (CSRF) |
| Favicon | Cross-Site Request Forgery (CSRF) |
| Feather Login Page | Cross-Site Request Forgery (CSRF) |
| Finale Lite | Cross-Site Request Forgery (CSRF) |
| Financio Theme | Cross-Site Request Forgery (CSRF) |
| Flash Video Player | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Gallery Box | Cross-Site Request Forgery (CSRF) |
| Generate Child Theme | Cross-Site Request Forgery (CSRF) |
| GEO my WordPress | Cross-Site Request Forgery (CSRF) |
| Gift Vouchers | Cross-Site Request Forgery (CSRF) |
| Gridsby Theme | Cross-Site Request Forgery (CSRF) |
| HappenStance Theme | Cross-Site Request Forgery (CSRF) |
| Headline Analyzer | Cross-Site Request Forgery (CSRF) |
| Hello Elementor Theme | Cross-Site Request Forgery (CSRF) |
| Hide Dashboard Notifications | Cross-Site Request Forgery (CSRF) |
| i excel Theme | Cross-Site Request Forgery (CSRF) |
| i max Theme | Cross-Site Request Forgery (CSRF) |
| Import any XML or CSV File to WordPress | Cross-Site Request Forgery (CSRF) |
| Inline Related Posts | Cross-Site Request Forgery (CSRF) |
| Intrace Theme | Cross-Site Request Forgery (CSRF) |
| Kimili Flash Embed | Cross-Site Request Forgery (CSRF) |
| Leadinfo | Cross-Site Request Forgery (CSRF) |
| LearnPress | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Legal Pages | Cross-Site Request Forgery (CSRF) |
| Libsyn Publisher Hub | Cross-Site Request Forgery (CSRF) |
| LifterLMS | Cross-Site Request Forgery (CSRF) |
| Lightning Theme | Cross-Site Request Forgery (CSRF) |
| Link Whisper Free | Cross-Site Request Forgery (CSRF) |
| Loan Repayment Calculator and Application Form | Cross-Site Request Forgery (CSRF) |
| Login With Ajax | Cross-Site Request Forgery (CSRF) |
| Login with phone number | Cross-Site Request Forgery (CSRF) |
| MailChimp Forms by MailMunch | Cross-Site Request Forgery (CSRF) |
| MainWP Child Reports | Cross-Site Request Forgery (CSRF) |
| Marker.io | Cross-Site Request Forgery (CSRF) |
| MF Gig Calendar | Cross-Site Request Forgery (CSRF) |
| MihanPanel | Cross-Site Request Forgery (CSRF) |
| MM email2image | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| MultiParcels Shipping For WooCommerce | Cross-Site Request Forgery (CSRF) |
| Multiple Page Generator Plugin – MPG | Cross-Site Request Forgery (CSRF) |
| Namaha Theme | Cross-Site Request Forgery (CSRF) |
| Newsletter | Cross-Site Request Forgery (CSRF) |
| News Wall | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
| NewsXpress Theme | Cross-Site Request Forgery (CSRF) |
| NextMove Lite | Cross-Site Request Forgery (CSRF) |
| No Bot Registration | Cross-Site Request Forgery (CSRF) |
| Novelist | Cross-Site Request Forgery (CSRF) |
| NPS computy | Results Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Nudgify Social Proof, Sales Popup & FOMO | Cross-Site Request Forgery (CSRF) |
| OptinMonster | Cross-Site Request Forgery (CSRF) Notice Dismissal |
| Order Delivery Date for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Page Builder: Live Composer | Cross-Site Request Forgery (CSRF) |
| Paid Memberships Pro | Cross-Site Request Forgery (CSRF) |
| Paid Memberships Pro | Cross-Site Request Forgery (CSRF) |
| Paid Memberships Pro | Cross-Site Request Forgery (CSRF) |
| Paid Memberships Pro | Cross-Site Request Forgery (CSRF) |
| Paid Memberships Pro | Cross-Site Request Forgery (CSRF) |
| Paid Member Subscriptions | Cross-Site Request Forgery (CSRF) |
| Panoramic Theme | Cross-Site Request Forgery (CSRF) |
| PeproDev CF7 Database | Cross-Site Request Forgery (CSRF) |
| Photology Theme | Cross-Site Request Forgery (CSRF) |
| Piotnet Addons For Elementor Pro | Cross-Site Request Forgery (CSRF) |
| Pocket News Generator | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| PopularFX Theme | Cross-Site Request Forgery (CSRF) |
| Post Views Counter | Cross-Site Request Forgery (CSRF) |
| Product Input Fields for WooCommerce | Cross-Site Request Forgery (CSRF) |
| ProfileGrid | Cross-Site Request Forgery (CSRF) |
| Radio Station | Cross-Site Request Forgery (CSRF) |
| ReDi Restaurant Reservation | Cross-Site Request Forgery (CSRF) |
| ReDi Restaurant Reservation | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Regenerate post permalink | Cross-Site Request Forgery (CSRF) |
| Related Posts for WordPress | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| RestroPress | Cross-Site Request Forgery (CSRF) |
| Royal Elementor Kit Theme | Cross-Site Request Forgery (CSRF) |
| Salon booking system | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| Sangar Slider | Cross-Site Request Forgery (CSRF) |
| Sarada Lite Theme | Cross-Site Request Forgery (CSRF) |
| SecuPress Free | Cross-Site Request Forgery (CSRF) to Banned IP Address |
| Seers | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Sensible WP Theme | Cross-Site Request Forgery (CSRF) |
| SEO Booster | Cross-Site Request Forgery (CSRF) |
| Serious Slider | Cross-Site Request Forgery (CSRF) |
| Sheets To WP Table Live Sync | Cross-Site Request Forgery (CSRF) |
| Shopstar! Theme | Cross-Site Request Forgery (CSRF) |
| Sign up Sheets | Cross-Site Request Forgery (CSRF) |
| Simple Buttons Creator | Arbitrary Button Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Simple Post Notes | Cross-Site Request Forgery (CSRF) |
| Siteimprove | Cross-Site Request Forgery (CSRF) |
| Slash Admin | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Slideshow Gallery | Cross-Site Request Forgery (CSRF) |
| Sliding Door Theme | Cross-Site Request Forgery (CSRF) |
| Smart Forms | Edit Entries via Cross-Site Request Forgery (CSRF) |
| Smart Maintenance Mode | Cross-Site Request Forgery (CSRF) |
| Smart Online Order for Clover | Cross-Site Request Forgery (CSRF) Leading to Coupon Creation/Modification (BAC) |
| Smash Balloon Social Post Feed | Cross-Site Request Forgery (CSRF) |
| Soledad Theme | Cross-Site Request Forgery (CSRF) |
| Spa and Salon Theme | Cross-Site Request Forgery (CSRF) |
| Spotlight Social Media Feeds | Cross-Site Request Forgery (CSRF) |
| Sumo | Cross-Site Request Forgery (CSRF) |
| Sync Post With Other Site | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Table & Contact Form 7 Database – Tablesome | Cross-Site Request Forgery (CSRF) |
| Teluro | Cross-Site Request Forgery (CSRF) |
| TempTool [Show Current Template Info] | Cross-Site Request Forgery (CSRF) |
| The Conference Theme | Cross-Site Request Forgery (CSRF) |
| The Events Calendar | Cross-Site Request Forgery (CSRF) |
| Themify – WooCommerce Product Filter | Filter Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| The Pack Elementor addons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| TOP Table Of Contents | Cross-Site Request Forgery (CSRF) |
| Transcoder | Cross-Site Request Forgery (CSRF) |
| Travey Theme | Cross-Site Request Forgery (CSRF) |
| Ultimate Maps by Supsystic | Cross-Site Request Forgery (CSRF) |
| Ultimate Product Catalogue | Cross-Site Request Forgery (CSRF) |
| Unlimited Elementor Inner Sections By BoomDevs | Cross-Site Request Forgery (CSRF) |
| UsersWP | Cross-Site Request Forgery (CSRF) |
| USPS Shipping for WooCommerce – Live Rates | Cross-Site Request Forgery (CSRF) |
| Wallet System for WooCommerce | Cross-Site Request Forgery (CSRF) |
| WebinarIgnition | Cross-Site Request Forgery (CSRF) |
| Welcart e Commerce | Cross-Site Request Forgery (CSRF) |
| WOLF | Cross-Site Request Forgery (CSRF) |
| WooCommerce | Cross-Site Request Forgery (CSRF) |
| WooCommerce Cart Abandonment Recovery | Templates/Abandoned Orders Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| WooCommerce Checkout Field Editor (Checkout Manager) | Cross-Site Request Forgery (CSRF) |
| WooCommerce UPS Shipping – Live Rates and Access (BAC) Points | Cross-Site Request Forgery (CSRF) |
| WordPress Comments Import & Export | Cross-Site Request Forgery (CSRF) |
| WordPress Hosting Benchmark tool | Cross-Site Request Forgery (CSRF) |
| WordPress Tooltips | Cross-Site Request Forgery (CSRF) leading to Cross-Site Scripting (XSS) |
| WP ADA Compliance Check Basic | Cross-Site Request Forgery (CSRF) |
| WPCal.io – Easy Meeting Scheduler | Cross-Site Request Forgery (CSRF) |
| WP Client Reports | Cross-Site Request Forgery (CSRF) |
| WP Compress – Image Optimizer [All In One] | Cross-Site Request Forgery (CSRF) |
| WP EasyCart | Cross-Site Request Forgery (CSRF) |
| WP Eggdrop | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| WP Event Aggregator | Cross-Site Request Forgery (CSRF) |
| WP GDPR Compliance | Cross-Site Request Forgery (CSRF) |
| WP Mail Catcher | Cross-Site Request Forgery (CSRF) |
| WP Matterport Shortcode | Cross-Site Request Forgery (CSRF) |
| WP Migration Plugin DB & Files – WP Synchro | Cross-Site Request Forgery (CSRF) |
| WP Server Health Stats | Cross-Site Request Forgery (CSRF) |
| WpTravelly | Cross-Site Request Forgery (CSRF) |
| XPlainer WooCommerce Product FAQ | Cross-Site Request Forgery (CSRF) |
| X T9 Theme | Cross-Site Request Forgery (CSRF) |
| YITH WooCommerce Compare | Cross-Site Request Forgery (CSRF) |
| Zeever Theme | Cross-Site Request Forgery (CSRF) |
| Zoho Campaigns | Cross-Site Request Forgery (CSRF) |
| Zoho Campaigns | Cross-Site Request Forgery (CSRF) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 355 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
