WP CSRF SEP 2024
WP Cross-Site Request Forgery
Tailored Woo/WP Security Report
Stay informed about the latest WP Cross-Site Request Forgery vulnerabilities that have been identified and reported publicly. As these WP CSRF SEP 2024 vulnerabilities have a severe negative impact on the security of any WordPress site, consider our security audit.
This is a 28% DECREASE compared to the previous month for specifically targeted Cross-Site Request Forgeries. For your online safety, consider a tailored WP/Woo Security AUDIT - OR - switching to a TOP10LIST alternative WP Security Plugin - OR - hiring professionals for tailored WP Security.
WHO needs tailored WP security? EVERYBODY!
Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate a "gazillion" different threats to your WordPress site. Get your WP Cross-Site Request Forgery Patch Management.
The following cases made headlines PUBLICLY in the WP CSRF SEP 2024 & WP Cross-Site Request Forgery category:
Advanced Form Integration | Cross-Site Request Forgery (CSRF) |
Analytify | Cross-Site Request Forgery (CSRF) Leading to Optout |
Backup and Restore WordPress | Cross-Site Request Forgery (CSRF) |
Blog Introduction | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
BP Profile Search | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Brave Popup Builder | Cross-Site Request Forgery (CSRF) |
Bricks Builder Theme | Cross-Site Request Forgery (CSRF) via save_settings |
Brizy – Page Builder | Cross-Site Request Forgery (CSRF) |
Christmasify! | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Dark Mode for WP Dashboard | Cross-Site Request Forgery (CSRF) |
Download Plugins and Themes from Dashboard | Cross-Site Request Forgery (CSRF) |
Email Address Encoder | Cross-Site Request Forgery (CSRF) |
Enhanced Search Box | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
Favicon Generator | Cross-Site Request Forgery (CSRF) to File Deletion (BAC) |
Favicon Generator | File Upload (BAC) via Cross-Site Request Forgery (CSRF) |
Fonts | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) vulnerability |
Gixaw Chat | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Hummingbird | Cross-Site Request Forgery (CSRF) |
ILC Thickbox | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
ImageRecycle pdf & image compression | Cross-Site Request Forgery (CSRF) in Several AJAX Actions |
infolinks Ad Wrap | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
Insert PHP Code Snippet | Cross-Site Request Forgery (CSRF) |
LatePoint | Cross-Site Request Forgery (CSRF) |
LearnPress | Cross-Site Request Forgery (CSRF) |
MainWP Child Reports | Cross-Site Request Forgery (CSRF) to Options Update (BAC) |
Misiek Paypal | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Misiek Photo Album | Album Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
Misiek Photo Album | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Music Request Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
MyBookTable Bookstore | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue | Cross-Site Request Forgery (CSRF) |
OTA Sync Booking Engine Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
Podlove Podcast Publisher | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) |
Review Ratings | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Reviews Feed | Cross-Site Request Forgery (CSRF) |
Sender – Newsletter, SMS and Email Marketing Automation for WooCommerce | Cross-Site Request Forgery (CSRF) |
Simple Headline Rotator | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Simple Local Avatars | Cross-Site Request Forgery (CSRF) |
Snapshot Backup | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Special Feed Items | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
SpeedyCache | Cross-Site Request Forgery (CSRF) |
Stripe Payments For WooCommerce by Checkout | Cross-Site Request Forgery (CSRF) |
Superfly Menu | Cross-Site Request Forgery (CSRF) to File Deletion (BAC) |
Theme My Login | Cross-Site Request Forgery (CSRF) to Settings Update (BAC) |
Tourfic | Cross-Site Request Forgery (CSRF) in Multiple Functions |
TrueBooker | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
Tutor LMS | Cross-Site Request Forgery (CSRF) |
Vikinghammer Tweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
Visual Sound (old) | Settings Update (BAC) via Cross-Site Request Forgery (CSRF) |
WebinarPress | Cross-Site Request Forgery (CSRF) |
WooCommerce Customers Manager | Multiple Cross-Site Request Forgery (CSRF) |
WordPress File Upload | Cross-Site Request Forgery (CSRF) |
WP Armour Extended | Cross-Site Request Forgery (CSRF) |
WP Data Access | Cross-Site Request Forgery (CSRF) |
WP eMember | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
WP eStore | Settings Reset via Cross-Site Request Forgery (CSRF) |
WP MultiTasking | Multiple Cross-Site Request Forgery (CSRF) |
WP User Manager | Cross-Site Request Forgery (CSRF) |
WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 607 |
WHO needs tailored WP Maintenance? EVERYBODY!
Today’s reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order WP Cross-Site Request Forgery Patch Management.
Security is not a single-task job
Need tailored WP Security and have no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.