WP CSRF SEP 2024
WP Cross-Site Request Forgery
Tailored Woo/WP Security Report
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF SEP 2024 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.
It is a -28% DECREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a tailored WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin – OR – Hire professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today’s reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate “gazillion” different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF SEP 2024 & WP Cross-Site Request Forgery category:
| Advanced Form Integration | Cross-Site Request Forgery (CSRF) |
| Analytify | Cross-Site Request Forgery (CSRF) Leading to Optout |
| Backup and Restore WordPress | Cross-Site Request Forgery (CSRF) |
| Blog Introduction | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| BP Profile Search | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Brave Popup Builder | Cross-Site Request Forgery (CSRF) |
| Bricks Builder Theme | Cross-Site Request Forgery (CSRF) via save_settings |
| Brizy – Page Builder | Cross-Site Request Forgery (CSRF) |
| Christmasify! | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Dark Mode for WP Dashboard | Cross-Site Request Forgery (CSRF) |
| Download Plugins and Themes from Dashboard | Cross-Site Request Forgery (CSRF) |
| Email Address Encoder | Cross-Site Request Forgery (CSRF) |
| Enhanced Search Box | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| Favicon Generator | Cross-Site Request Forgery (CSRF) to File Deletion (BAC) |
| Favicon Generator | File Upload (BAC) via Cross-Site Request Forgery (CSRF) |
| Fonts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)vulnerability |
| Gixaw Chat | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Hummingbird | Cross-Site Request Forgery (CSRF) |
| ILC Thickbox | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| ImageRecycle pdf & image compression | Cross-Site Request Forgery (CSRF) in Several AJAX Actions |
| infolinks Ad Wrap | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| Insert PHP Code Snippet | Cross-Site Request Forgery (CSRF) |
| LatePoint | Cross-Site Request Forgery (CSRF) |
| LearnPress | Cross-Site Request Forgery (CSRF) |
| MainWP Child Reports | Cross-Site Request Forgery (CSRF) to Options Update (BAC) |
| Misiek Paypal | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Misiek Photo Album | Album Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Misiek Photo Album | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Music Request Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| MyBookTable Bookstore | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Cross-Site Request Forgery (CSRF) |
| OTA Sync Booking Engine Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Podlove Podcast Publisher | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) (RCE) |
| Review Ratings | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Reviews Feed | Cross-Site Request Forgery (CSRF) |
| Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Simple Headline Rotator | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Simple Local Avatars | Cross-Site Request Forgery (CSRF) |
| Snapshot Backup | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Special Feed Items | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| SpeedyCache | Cross-Site Request Forgery (CSRF) |
| Stripe Payments For WooCommerce by Checkout | Cross-Site Request Forgery (CSRF) |
| Superfly Menu | Cross-Site Request Forgery (CSRF) to File Deletion (BAC) |
| Theme My Login | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
| Tourfic | Cross-Site Request Forgery (CSRF) in Multiple Functions |
| TrueBooker | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| Tutor LMS | Cross-Site Request Forgery (CSRF) |
| Vikinghammer Tweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Visual Sound (old) | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
| WebinarPress | Cross-Site Request Forgery (CSRF) |
| WooCommerce Customers Manager | Multiple Cross-Site Request Forgery (CSRF) |
| WordPress File Upload | Cross-Site Request Forgery (CSRF) |
| WP Armour Extended | Cross-Site Request Forgery (CSRF) |
| WP Data Access | Cross-Site Request Forgery (CSRF) |
| WP eMember | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| WP eStore | Settings Reset via Cross-Site Request Forgery (CSRF) |
| WP MultiTasking | Multiple Cross-Site Request Forgery (CSRF) |
| WP User Manager | Cross-Site Request Forgery (CSRF) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 607 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need tailored WP Security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
