Discover Tuta Mail: Turn ON Privacy. Take back your data with Tuta's encrypted email, calendar and contacts.
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF APR 2024 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit. It is a +15% INCREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a managed WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these Cross-Site Request Forgeries cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP CSRF APR 2024 & WP Cross-Site Request Forgery category:
| All In One WP Security & Firewall | Cross-Site Request Forgery (CSRF) |
| Appointment Booking Calendar | Cross-Site Request Forgery (CSRF) appointment scheduling |
| Automatic | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
| BizPrint | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Broken Images | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Builder for WooCommerce reviews shortcodes – ReviewShort | Cross-Site Request Forgery (CSRF) |
| Bulgarisation for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Calliope Theme | Cross-Site Request Forgery (CSRF) |
| Categorify | Multiple Cross-Site Request Forgery (CSRF) |
| Change default login logo,url and title | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Church Admin | Cross-Site Request Forgery (CSRF) |
| CM Download Manager | Download Edit (BAC) via Cross-Site Request Forgery (CSRF) |
| CM Download Manager | Download Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| CM Download Manager | Download Unpublish (BAC) via Cross-Site Request Forgery (CSRF) |
| Complianz – PDPA/CCPA Cookie Consent | Cross-Site Request Forgery (CSRF) to Data Request Deletion (BAC) |
| Contests by Rewards Fuel | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom WooCommerce Checkout Fields Editor | Cross-Site Request Forgery (CSRF) |
| Digits | Cross-Site Request Forgery (CSRF) to Privilege Escalation |
| DSGVO All in one for WP | Cross-Site Request Forgery (CSRF) |
| DX-Watermark | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) and Cross-Site Scripting (XSS) |
| Easy Social Feed | Cross-Site Request Forgery (CSRF) |
| Easy Social Feed | Cross-Site Request Forgery (CSRF) |
| Easy Social Feed | Cross-Site Request Forgery (CSRF) |
| Events Manager | Cross-Site Request Forgery (CSRF) |
| Events Manager | Cross-Site Request Forgery (CSRF) |
| File Manager | Cross-Site Request Forgery (CSRF) to Local JS File Inclusion (BAC) |
| GamiPress | Cross-Site Request Forgery (CSRF) |
| HUSKY – Products Filter for WooCommerce (formerly WOOF) | Cross-Site Request Forgery (CSRF) |
| Innovs HR | Employee Creation via Cross-Site Request Forgery (CSRF) |
| LadiApp | Cross-Site Request Forgery (CSRF) |
| Landingi Landing Pages | Cross-Site Request Forgery (CSRF) |
| Live Sales Notification for Woocommerce - Woomotiv | Cross-Site Request Forgery (CSRF) via ajax_cancel_review |
| LWS Optimize | Cross-Site Request Forgery (CSRF) |
| Nictitate Theme | Cross-Site Request Forgery (CSRF) |
| Ninja Forms | Cross-Site Request Forgery (CSRF) to Publicly Accessible Form Submission Export |
| Play.ht | Cross-Site Request Forgery (CSRF) |
| Popup Cart Lite for WooCommerce | Cross-Site Request Forgery (CSRF) |
| RegistrationMagic | Cross-Site Request Forgery (CSRF) |
| Related Posts for WordPress | Cross-Site Request Forgery (CSRF) |
| Shortlinks by Pretty Links | Cross-Site Request Forgery (CSRF) to Plugin Settings Update (BAC) |
| Simple Revisions Delete | Cross-Site Request Forgery (CSRF) |
| Simply Schedule Appointments | Cross-Site Request Forgery (CSRF) to Plugin Data Reset (BAC) |
| Slugs Manager | Cross-Site Request Forgery (CSRF) |
| Social Author Bio | Cross-Site Scripting (XSS) via Cross Site Request Forgery (CSRF) |
| Super Page Cache for Cloudflare | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Team Circle Image Slider With Lightbox | Cross-Site Request Forgery (CSRF) |
| Tumult Hype Animations | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Tumult Hype Animations | Cross-Site Request Forgery (CSRF) |
| Tutor LMS | Cross-Site Request Forgery (CSRF) to Plugin Deactivation and Data Erase |
| Woocommerce Social Media Share Buttons | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WOOCS – WooCommerce Currency Switcher | Cross-Site Request Forgery (CSRF) |
| WordPress Meta Data and Taxonomies Filter (MDTF) | Cross-Site Request Forgery (CSRF) |
| WP SMS | Cross-Site Request Forgery (CSRF) |
| WPCS | Cross-Site Request Forgery (CSRF) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 157 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of a premium cup of coffee per week, for your first managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.