WP CSRF APR 2025

WP CSRF APR 2025: 167 Bold WP Cross-Site Request Forgery

Stay informed about the latest WordPress Cross-Site Request Forgery (CSRF) vulnerabilities that have been identified and publicly reported. The WP CSRF APR 2025 count is a 35% increase compared to the previous month in specifically targeted Cross-Site Request Forgeries. Because these vulnerabilities have a severe negative impact on WordPress security, consider a managed WP/Woo security audit, switching to an alternative WP security plugin from the TOP10LIST, or hiring professionals for managed security.

WP CSRF APR 2025

If any of these publicly reported vulnerable plugins is on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines publicly just last month in the WP CSRF APR 2025 and WP Cross-Site Request Forgery category:

3DPrint Lite Cross-Site Request Forgery (CSRF)
AdSense Privacy Policy Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
AlphaOmega Captcha & Anti-Spam Filter Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
ANAC XML Render Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Anthologize Cross-Site Request Forgery (CSRF)
Auto Load Next Post Cross-Site Request Forgery (CSRF)
Awesome Logos Cross-Site Request Forgery (CSRF) to SQL Injection (SQLi)
Back To Top Cross-Site Request Forgery (CSRF)
banner-manager Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
bbPress Cross-Site Request Forgery (CSRF) and Limited Privilege Escalation (BAC)
Booknetic Staff Creation from Cross-Site Request Forgery (CSRF)
Browser Address Bar Color Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Browser Caching with htaccess Cross-Site Request Forgery (CSRF)
Builder for Contact Form 7 by Webconstruct Cross-Site Request Forgery (CSRF)
Cackle Cross-Site Request Forgery (CSRF)
CallPhone'r Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
CAS Maestro Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Cazamba Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Christmas Panda Cross-Site Request Forgery (CSRF)
cits-support-svg-webp-media-upload Cross-Site Request Forgery (CSRF) and Font Assignment Deletion (BAC)
Comment Date and Gravatar remover Cross-Site Request Forgery (CSRF)
Contact Form 7 Material Design Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Contact Form 7 Select Box Editor Button Cross-Site Request Forgery (CSRF)
Cookies Pro Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
CopyLink Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
CSV to Responsive Tables Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
cTabs Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Currency Switcher for WooCommerce Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Custom Dashboard Page Cross-Site Request Forgery (CSRF)
Custom Field For WP Job Manager Cross-Site Request Forgery (CSRF)
Custom Fields Account Registration For Woocommerce Cross-Site Request Forgery (CSRF)
Custom Login Logo Cross-Site Request Forgery (CSRF)
Custom Script Integration Cross-Site Request Forgery (CSRF)
Custom top bar Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Custom Twitter Feeds (Tweets Widget) Cross-Site Request Forgery (CSRF) and Cache Reset from ctf_clear_cache_admin Function
Delete Original Image Cross-Site Request Forgery (CSRF)
Display Template Name Cross-Site Request Forgery (CSRF)
Domain Theme Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Easy 301 Redirects Cross-Site Request Forgery (CSRF)
Edd Google Sheet Connector Pro Cross-Site Request Forgery (CSRF) and Access Code Update (BAC)
Event Tickets with Ticket Scanner Tickets Deletion (BAC) from Cross-Site Request Forgery (CSRF)
External image replace Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC)
EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Request Forgery (CSRF) to SQL Injection (SQLi)
EZ SQL Reports Shortcode Widget and DB Backup Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Featured Posts Grid Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Fix Rss Feeds Cross-Site Request Forgery (CSRF)
Flexible Cookies Cross-Site Request Forgery (CSRF)
Flipdish Ordering System Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC)
Float menu Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC)
FoodBakery Cross-Site Request Forgery (CSRF) in Multiple Functions
Football Pool Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC)
Frontpage category filter Cross-Site Request Forgery (CSRF)
FTP Sync Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Generate Post Thumbnails Cross-Site Request Forgery (CSRF)
Gift Message for WooCommerce Cross-Site Request Forgery (CSRF)
Google News Editors Picks Feed Generator Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Google News Editors Picks Feed Generator Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Google Sheet Connector for Easy Digital Downloads Cross-Site Request Forgery (CSRF) and Access Code Update (BAC)
Go To Top Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
GP Back To Top Cross-Site Request Forgery (CSRF)
Hacklog Remote Image Autosave Cross-Site Request Forgery (CSRF)
Hashtags Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Hesabfa Accounting Cross-Site Request Forgery (CSRF)
Homey Theme Cross-Site Request Forgery (CSRF) and User Verification
I Am Gloria Cross-Site Request Forgery (CSRF)
Image Captcha Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC)
Image Slider / Slideshow Pearlbells Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Info Boxes Shortcode and Widget Cross-Site Request Forgery (CSRF)
Insert Code Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
InstaWP Connect Cross-Site Request Forgery (CSRF) and Local File Inclusion (LFi)
Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms Cross-Site Request Forgery (CSRF)
IP Based Login Log Deletion (BAC) from Cross-Site Request Forgery (CSRF)
jQuery Dropdown Menu Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
KK I Like It Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
LH OGP Meta Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Limit Bio Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
List of Posts from each Category plugin for WordPress Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Login Alert Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Login Logger Cross-Site Request Forgery (CSRF)
LoginPress Cross-Site Request Forgery (CSRF) and Options Update (BAC)
LWS SMS Cross-Site Request Forgery (CSRF)
Maintenance Notice Cross-Site Request Forgery (CSRF)
Maintenance Notice Cross-Site Request Forgery (CSRF)
Map Contact Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
MaxA/B Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Members page only for logged in users Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Microblog Poster Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Mobile Themes Cross-Site Request Forgery (CSRF)
NertWorks All in One Social Share Tools Cross-Site Request Forgery (CSRF)
Newscrunch Theme Cross-Site Request Forgery (CSRF) and File Upload (BAC)
No Disposable Email Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
OmniLeads Scripts and Tags Manager Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
OSS Upload Cross-Site Request Forgery (CSRF)
Photo Slideshow (Responsive) Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Picture Gallery Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Plugins Last Updated Column Cross-Site Request Forgery (CSRF)
Podlove Podcast Publisher Cross-Site Request Forgery (CSRF) from ajax_transcript_delete Function
price-calc Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Product Author for WooCommerce Cross-Site Request Forgery (CSRF)
Pro Rank Tracker Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
publish post email notification Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC)
Rankcheckerio Integration Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
reCAPTCHA for all Cross-Site Request Forgery (CSRF)
Recapture for WooCommerce Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC)
Related Post Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
Related Posts from Categories Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Replace Default Words Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
REST API TO MiniProgram Cross-Site Request Forgery (CSRF)
Rewrite Cross-Site Request Forgery (CSRF)
Secret Meta Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Serial Codes Generator and Validator with WooCommerce Support Cross-Site Request Forgery (CSRF)
ShowTime Slideshow Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Simple Optimizer Cross-Site Request Forgery (CSRF)
Simple Rating Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Simple Trackback Disabler Cross-Site Request Forgery (CSRF)
SimplyRETS Real Estate IDX Cross-Site Request Forgery (CSRF) to Multiple Admin Actions
Skrill Official Cross-Site Request Forgery (CSRF)
SoundCloud Ultimate Cross-Site Request Forgery (CSRF)
Spam Byebye Cross-Site Request Forgery (CSRF)
SpeakPipe Cross-Site Request Forgery (CSRF)
Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins Cross-Site Request Forgery (CSRF) and Post Publish
Store Locator Widget r Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Super Static Cache Cross-Site Request Forgery (CSRF)
TabGarb Pro Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
tagDiv Composer Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
teachPress Cross-Site Request Forgery (CSRF) and Import Delete (BAC)
Terms of Use Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
The Visitor Counter Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Translator Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
TWB Woocommerce Reviews Cross-Site Request Forgery (CSRF)
Typekit plugin for WordPress Cross-Site Request Forgery (CSRF)
Ultimate Security Checker Cross-Site Request Forgery (CSRF) to Security Rescan
URL Shortener | Conversion Tracking | AB Testing | WooCommerce Cross-Site Request Forgery (CSRF)
Usermaven Cross-Site Request Forgery (CSRF)
UTM tags tracking for Contact Form 7 Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
ValidateCertify Cross-Site Request Forgery (CSRF)
Verge3D Cross-Site Request Forgery (CSRF)
Video Embedder Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
W3Counter Free Real-Time Web Stats Cross-Site Request Forgery (CSRF)
W3Counter Free Real-Time Web Stats Cross-Site Request Forgery (CSRF)
Wallet System for WooCommerce Cross-Site Request Forgery (CSRF)
WATI Chat and Notification Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WIP WooCarousel Lite Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Wishlist for WooCommerce: Multi Wishlists Per Customer Cross-Site Request Forgery (CSRF) and Cross-Site Scripting from Wishlist Name
WordPress Admin Bar Improved Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto Cross-Site Request Forgery (CSRF) and Results Deletion (BAC)
WordPress SQL Backup Cross-Site Request Forgery (CSRF)
WordPres 同步微博 Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Add Active Class To Menu Item Cross-Site Request Forgery (CSRF)
WP Bulk Post Duplicator Cross-Site Request Forgery (CSRF)
WP Compare Tables Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Database Optimizer Cross-Site Request Forgery (CSRF)
WP e-Commerce Style Email Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
WP Google Review Slider Cross-Site Request Forgery (CSRF) to SQL Injection (SQLi)
WP Hide Admin Bar Cross-Site Request Forgery (CSRF)
WP jQuery Persian Datepicker Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP No-Bot Question Cross-Site Request Forgery (CSRF)
WP Odoo Form Integrator Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Ride Booking Cross-Site Request Forgery (CSRF)
wpShopGermany IT-RECHT KANZLEI Cross-Site Request Forgery (CSRF)
WP Supersized Cross-Site Request Forgery (CSRF)
XV Random Quotes Settings Reset from Cross-Site Request Forgery (CSRF)
XV Random Quotes Settings Reset from Cross-Site Request Forgery (CSRF)
Yummly Rich Recipes Cross-Site Request Forgery (CSRF)
ZipList Recipe Cross-Site Request Forgery (CSRF)
Zoorum Comments Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS)
WordPress CSRF & Cross-Site Request Forgery reported in 2023: 949
WordPress CSRF & Cross-Site Request Forgery reported in 2024: 876
WordPress CSRF & Cross-Site Request Forgery reported in 2025: 619
ultrai.ae managed online administration © 2023 - 2025 – All rights reserved