WP CSRF JAN 2025

WP CSRF JAN 2025: 110 Bold WP Cross-Site Request Forgery


Stay informed about the latest WordPress Cross-Site Request Forgery (CSRF) vulnerabilities that have been identified and reported publicly. Because these WP CSRF JAN 2025 vulnerabilities have a severe negative impact on the security of any WordPress site, consider our security audit. The count is a 5% increase compared to the previous month for Cross-Site Request Forgery specifically. For your online safety, consider a managed WP/Woo security audit, switching to an alternative WP security plugin from the TOP10LIST, or hiring professionals for managed security.


WP CSRF JAN 2025

When these Cross-Site Request Forgery cases from publicly reported vulnerable plugins are present on your domain, they open Pandora’s box from a security point of view. The following cases made headlines publicly just last month in the WP CSRF JAN 2025 & WP Cross-Site Request Forgery category:

3DPrint Lite Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
Add image to Post Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
addWeather Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Admin Customization Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Advanced Fancybox Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
AIcomments Cross-Site Request Forgery (CSRF)
AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot Cross-Site Request Forgery (CSRF)
Amazon Product Price Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Aphorismus Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
AppMaps Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Arena.IM – Live Blogging for real-time events Cross-Site Request Forgery (CSRF) to Settings Update (BAC)
AutoWP Cross-Site Request Forgery (CSRF)
Avada Theme Cross-Site Request Forgery (CSRF)
Bet sport Free Cross-Site Request Forgery (CSRF)
Category of Posts Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
CK and SyntaxHighlighter Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Clickbank Storefront Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
CLUEVO LMS, E-Learning Platform Cross-Site Request Forgery (CSRF) to Module Deletion (BAC)
CodeBard Help Desk Cross-Site Request Forgery (CSRF)
Contact Form 7 Dynamic Text Extension Cross-Site Request Forgery (CSRF)
Cost Calculator Builder Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
Country Blocker Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
CRUDLab Google Plus Button Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
dejure.org Vernetzungsfunktion Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Display Future Posts Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
DN Shipping by Weight for WooCommerce Settings Update (BAC) from Cross-Site Request Forgery (CSRF)
DTC Documents Cross-Site Request Forgery (CSRF)
DX Dark Site Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
eCommerce Product Catalog Cross-Site Request Forgery (CSRF) to Password Reset
ECT Product Carousel Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
ECT Social Share Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
EditionGuard for WooCommerce – eBook Sales with DRM Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
EELV Newsletter Cross-Site Request Forgery (CSRF)
eewee admin custom Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Event Espresso 4 Decaf Cross-Site Request Forgery (CSRF)
Fancy Roller Scroller Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Flaming Forms Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Flash News / Post (Responsive) Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Floating Video Player Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
gap-hub-user-role Cross-Site Request Forgery (CSRF) to Broken Authentication (BAC)
Gaxx Keywords Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Geoportail Shortcode Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
GitSync Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Go Animate Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
GTPayment Donations Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF)
Hack-Info Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Hello In All Languages Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Hestia Nginx Cache Cross-Site Request Forgery (CSRF)
Hive Support – WordPress Help Desk Cross-Site Request Forgery (CSRF)
HQ Rental Software Cross-Site Request Forgery (CSRF) to Arbitrary Options Update (BAC)
Increase Sociability Cross-Site Request Forgery (CSRF)
Insertify Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
Interactive UK Map Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
I Plant A Tree Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
jCarousel Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Jet Footer Code Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
LeaderBoard Plugin Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Like in Vk.com Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
LionScripts: Site Maintenance & Noindex Nofollow Plugin Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Mandrill WP Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Maspik – Spam blacklist Cross-Site Request Forgery (CSRF) to Settings Change (BAC)
MDC Comment Toolbar Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Metrika Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Multiple Admin Emails Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Namaste! LMS Cross-Site Request Forgery (CSRF)
Online Booking & Scheduling Calendar for WordPress by vcita Cross-Site Request Forgery (CSRF)
Onlywire Multi Autosubmitter Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Paloma Widget Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Peter’s Custom Anti-Spam Cross-Site Request Forgery (CSRF) from cas_register_post Function
phZoom Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Poll Maker Cross-Site Request Forgery (CSRF) to Poll Duplication (BAC)
Posti Shipping Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) from generate_notices_html Function
Posti Shipping Cross-Site Request Forgery (CSRF) to Settings Change (BAC)
Pulsating Chat Button Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Push Monkey Pro – Web Push Notifications and WooCommerce Abandoned Cart Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Reactflow Visitor Recording and Heatmaps Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
SearchIQ Cross-Site Request Forgery (CSRF)
Simple Booking Widget Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Simple Redirection Cross-Site Request Forgery (CSRF) to Arbitrary Site Redirect
Sinking Dropdowns Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
SIP Calculator Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
SliceWP Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
SMS for WooCommerce Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Social Media Sharing Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Sogrid Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
SOPA Blackout Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Stop Registration Spam Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Themify Store Locator Cross-Site Request Forgery (CSRF)
Tidy Up Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Ui Slider Filter By Price Cross-Site Request Forgery (CSRF)
User Role Editor Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
Visual Recent Posts Cross-Site Request Forgery (CSRF)
Wayne Audio Player Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC)
WordPress Filter Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP-Ban-User Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Controller Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WPC Order Notes for WooCommerce Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Currency Exchange Rates Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Fiddle Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Flipkart Importer Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP-HideThat Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WPLegalPages Cross-Site Request Forgery (CSRF)
Wp Login with Ajax Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP Mailster Cross-Site Request Forgery (CSRF)
WP Nice Loader Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP System Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
WP微信机器人 Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Wtyczka SeoPilot dla WP Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
XPD Reduce Image Filesize Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS)
Youtube Video Grid Cross-Site Request Forgery (CSRF) to Settings Change (BAC)
WordPress CSRF & Cross-Site Request Forgery reported in 2023: 949
WordPress CSRF & Cross-Site Request Forgery reported in 2024: 876
WordPress CSRF & Cross-Site Request Forgery reported in 2025: 110
ultrai.ae managed online administration © 2023 - 2025 – All rights reserved