Discover Tuta Mail: Turn ON Privacy. Take back your data with Tuta's encrypted email, calendar and contacts.
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF AUG 2024 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit. It is a +57% INCREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a managed WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed Security.
As these Cross-Site Request Forgeries cases from publicly reported vulnerable plugins are on your domain, it opens Pandora’s box from a security point of view. The following cases made headlines PUBLICLY just last month in the WP CSRF AUG 2024 & WP Cross-Site Request Forgery category:
| Advanced AJAX Page Loader | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Affiliate Manager | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Affiliate Manager | Profile Update (BAC) via Cross-Site Request Forgery (CSRF) |
| Affiliate Manager | Affiliate Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Animated Rotating Words | Cross-Site Request Forgery (CSRF) |
| ArtPlacer Widget | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Ashe Theme | Cross-Site Request Forgery (CSRF) |
| Attachment File Icons | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Bard Theme | Cross-Site Request Forgery (CSRF) |
| Blocksy Theme | Cross-Site Request Forgery (CSRF) |
| BuddyBoss Theme Theme | Cross-Site Request Forgery (CSRF) |
| CM Email Registration Blacklist and Whitelist | Add/Delete Emails via Cross-Site Request Forgery (CSRF) Add and delete any item from blacklist/whitelist |
| CM On Demand Search And Replace | Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF) |
| Comment Reply Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Community Events | Event Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| Conditional Fields for Contact Form | Cross-Site Request Forgery (CSRF) to Plugin Setting Reset (BAC) |
| Construction Landing Page Theme | Cross-Site Request Forgery (CSRF) |
| Contact Form Summary and Print | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Cooked | Multiple Cross-Site Request Forgery (CSRF) |
| Event post | Cross-Site Request Forgery (CSRF) |
| Event Tickets | Cross-Site Request Forgery (CSRF) |
| Floating Social Buttons | Cross-Site Request Forgery (CSRF) |
| Generate PDF using Contact Form | Cross-Site Request Forgery (CSRF) to Arbitrary File Deletion (BAC) |
| Generate PDF using Contact Form | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Google Adsense & Banner Ads by AdsforWP | Cross-Site Request Forgery (CSRF) |
| Hestia Theme | Cross-Site Request Forgery (CSRF) |
| Highlight Theme | Cross-Site Request Forgery (CSRF) |
| Himer Theme | Multiple Cross-Site Request Forgery (CSRF) |
| HTML Forms | Bulk Delete via Cross-Site Request Forgery (CSRF) |
| iamaze Theme | Cross-Site Request Forgery (CSRF) |
| Internal Link Juicer: SEO Auto Linker for WordPress | Cross-Site Request Forgery (CSRF) |
| itransform Theme | Cross-Site Request Forgery (CSRF) |
| Just Custom Fields | Cross-Site Request Forgery (CSRF) via AJAX actions |
| Lawyer Landing Page Theme | Cross-Site Request Forgery (CSRF) |
| Leaky Paywall | Cross-Site Request Forgery (CSRF) |
| Light Poll | Poll Answers Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| ListingPro Theme | Cross-Site Request Forgery (CSRF) to Account Takeover |
| LiteSpeed Cache | Cross-Site Request Forgery (CSRF) (CSRF) to Cross-Site Scripting (XSS) |
| Matomo Analytics | Cross-Site Request Forgery (CSRF) leading to Notice Dismissal |
| MBE eShip | Cross-Site Request Forgery (CSRF) |
| Metorik – Reports & Email Automation for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Nested Pages | Cross-Site Request Forgery (CSRF) to Local File Inclusion (LFi) |
| Ninja Forms | Cross-Site Request Forgery (CSRF) |
| Oceanic Theme | Cross-Site Request Forgery (CSRF) |
| Pardakht Delkhah | Form Fields Reset (BAC) via Cross-Site Request Forgery (CSRF) |
| Patricia Blog Theme | Cross-Site Request Forgery (CSRF) |
| Patricia Lite Theme | Cross-Site Request Forgery (CSRF) |
| Point Theme | Cross-Site Request Forgery (CSRF) |
| Popularis Verse Theme | Cross-Site Request Forgery (CSRF) |
| Posterity Theme | Cross-Site Request Forgery (CSRF) |
| Pricing Table | Cross-Site Request Forgery (CSRF) via ajax |
| pzfrontendmanager | Cross-Site Request Forgery (CSRF) change user profile picture |
| Rara Business Theme | Cross-Site Request Forgery (CSRF) |
| Rife Free Theme | Cross-Site Request Forgery (CSRF) |
| ScrollTo Bottom | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| ScrollTo Top | Cross-Site Request Forgery (CSRF) to Arbitrary File Upload (BAC) |
| Send email only on Reply to My Comment | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Seraphinite Accelerator (Full, premium) | Cross-Site Request Forgery (CSRF) Leading to Arbitrary File Deletion (BAC) |
| sitetweet | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| Smart Image Gallery | Update/Delete Google API Key via Cross-Site Request Forgery (CSRF) |
| Smartsupp – live chat, chatbots, AI and lead generation | Cross-Site Request Forgery (CSRF) |
| Snippet Shortcodes | Cross-Site Request Forgery (CSRF) |
| Social Auto Poster | Cross-Site Request Forgery (CSRF) via Multiple Functions |
| SociallyViral Theme | Cross-Site Request Forgery (CSRF) |
| SULly | Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) |
| SULly | Plugin Reset (BAC) via Cross-Site Request Forgery (CSRF) |
| Swift Performance Lite | Cross-Site Request Forgery (CSRF) |
| Taggbox | Cross-Site Request Forgery (CSRF) |
| Telegram Bot & Channel | Cross-Site Request Forgery (CSRF) |
| The Events Calendar | Cross-Site Request Forgery (CSRF) |
| Trendy News Theme | Cross-Site Request Forgery (CSRF) |
| Ultimate Auction | Cross-Site Request Forgery (CSRF) |
| WordPress Cliengo Chatbot plugin | Cross-Site Request Forgery (CSRF) |
| WP Ajax Contact Form | Arbitrary Email Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| WP eMember | Bulk Delete via Cross-Site Request Forgery (CSRF) |
| WP eMember | Cross-Site Scripting (XSS) in Blacklist via Cross-Site Request Forgery (CSRF) |
| WP eStore | Coupon Deletion (BAC) via Cross-Site Request Forgery (CSRF) |
| WP Fast Total Search | Cross-Site Request Forgery (CSRF) |
| WP GoToWebinar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WPQA Builder forms Addon | Arbitrary Category and Tag Follow/Unfollow via Cross-Site Request Forgery (CSRF) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 549 |
How wonderful would be to simply let others take care of your chores? We absolutely understand why you would want that. This is why we propose this unique campaign: the price of one cup of coffee for a managed service.
Start simply by contacting us with your selections:
We care about the protection of your personal data. Update, subscribe or unsubscribe anytime. Read our Privacy Policy.