443 Dirty CSRF APR 2022 | Cross-Site Request Forgery APR 2022

CSRF APR 2022 – Cross-Site Request Forgery APR 2022

Managed WP/Woo Security Report

Be informed about the latest Cross-Site Request Forgery APR 2022, identified and reported publicly. As these CSRF APR 2022 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.

An estimated 5.999.000+ active WordPress installations are susceptible to this attack type, considering only the publicly available numbers. It is a jaw dropping 3927% INCREASE of reported vulnerability compared to last month. The estimated number can increase by 5-10% with premium versions as they are private purchases.Furthermore, the initial estimation can triple if we consider the already patched versions BUT NOT UPDATED by owners, as the vulnerability remains active within their domain. As these owners start changing their hosting provider (due to constant unexplained issues), they actively migrate these vulnerabilities behind protected areas, possibly exposing other clean WP to different attack types.

• The Events Calendar – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800,000+

---

• Ocean Extra – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800,000+

---

• CAPTCHA 4WP – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200,000+

---

• Redirection for Contact Form 7 – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200,000+

---

• Best WordPress Gallery Plugin – FooGallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200,000+

---

• WP Activity Log – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• WP Meta and Date Remover – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• Unlimited Elements For Elementor (Free Widgets, Addons, Templates) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• Lightbox & Modal Popup WordPress Plugin – FooBox – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• Elementor Addon Elements – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• WP Mobile Menu – The Mobile-Friendly Responsive Menu – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• Livemesh Addons for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• AnyWhere Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• Menu Image, Icons made easy – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
• Menu Image, Icons made easy – Stored Cross-Site Scripting (XSS)
  • Active installations: 100,000+

---

• FiboSearch – Ajax Search for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100,000+

---

• Simple Sitemap – Create a Responsive HTML Sitemap – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 90,000+

---

• User Menus – Nav Menu Visibility – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 90,000+

---

• Custom Login Page Customizer – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 80,000+

---

• kk Star Ratings – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 80,000+

---

• Ivory Search – WordPress Search Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 80,000+

---

• LearnPress – WordPress LMS Plugin – Reflected Cross-Site Scripting (XSS)
  • Active installations: 100,000+

---

• Blocksy Companion – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 70,000+

---

• WP fail2ban – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 70,000+

---

• Smart Floating / Sticky Buttons – Call, Sharing, Chat Widgets & More – Buttonizer – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 70,000+

---

• Easy Social Feed – Social Photos Gallery – Post Feed – Like Box – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 70,000+

---

• Stackable – Page Builder Gutenberg Blocks – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 60,000+

---

• Event Tickets – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 50,000+

---

• Easy Smooth Scroll Links – Smooth Scrolling Anchor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
• Easy Smooth Scroll Links – Smooth Scrolling Anchor – Stored Cross-Site Scripting (XSS)
  • Active installations: 50,000+

---

• WP Encryption – One Click Free SSL Certificate & SSL / HTTPS Redirect to fix Insecure Content – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 50,000+

---

• Widgets on Pages – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 40,000+

---

• Lightweight Widget Area Plugin – Content Aware Sidebars – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 40,000+

---

• WP Table Builder – WordPress Table Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 40,000+

---

• Prime Slider – Addons For Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 40,000+

---

• WooCommerce Pixel Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 40,000+

---

• Premmerce Permalink Manager for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 40,000+

---

• SSL Zen – Free SSL Certificate & HTTPS Redirect for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Post Snippets – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Spotlight Social Media Feeds – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Ultimate Blocks – Gutenberg Blocks Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Date Picker by Input WP – Sync bookings with external Calendars (.ics) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Livemesh SiteOrigin Widgets – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Image Photo Gallery Final Tiles Grid – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Delete All Comments of wordpress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• StoreCustomizer – WooCommerce plugin to Customize all WooCommerce Pages – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Featured Images in RSS for Mailchimp & More – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Master Addons for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 30,000+

---

• Livemesh Addons for WPBakery Page Builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• WP Contact Slider – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Contact Form 7 Multi-Step Forms – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Royal Elementor Addons (Header Footer Builder, Popups, Post Grid, Woocommerce Product Grid, Slider, Parallax Image, Free Elementor Widgets & Elementor Templates) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Yasr – Yet Another Stars Rating – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Delete Duplicate Posts – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Internal Link Juicer: SEO Auto Linker for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
• myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin – Import/Export to Email Address Disclosure
• myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin – Arbitrary Post Creation
  • Active installations: 20,000+

---

• News & Blog Designer Pack – WordPress Blog Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Form Vibes – Database Manager for Forms – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Restrict User Access – Membership Plugin with Force – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Fuse Social Floating Sidebar – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• New User Approve – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Divi Contact Form 7 – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• SKT Templates – Elementor & Gutenberg templates – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• All-in-One Video Gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Error Log Monitor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Videopack (formerly Video Embed & Thumbnail Generator) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Simple Social Page Widget & Shortcode – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Rating-Widget: Star Review System – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
• Advanced Page Visit Counter – Most Advanced WordPress Visit Counter Plugin – Blind SQL Injection (SQLi)
  • Active installations: 10,000+

---

• Rocket Maintenance Mode & Coming Soon Page – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Front End PM – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• WP Data Access – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• WooCommerce Tiered Price Table – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• WordPress Slider Block Gutenslider – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Product Customer List for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Justified Gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Store Toolkit for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Post Grid, Image Gallery & Portfolio for Elementor | PowerFolio – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Post Slider and Carousel with Widget – A Responsive Post Slider – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• WordPress Robots.txt optimization (+ XML Sitemap) – Website traffic, SEO & ranking Booster – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Hide Shipping Method For WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Product Size Charts Plugin for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Authorize.Net Payment Gateway For WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Blockspare – Beautiful Page Building Gutenberg Blocks for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Passster – Password Protection – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• Flat Rate Shipping Plugin For WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Bulk Auto Image Alt Text (Alt tag, Alt attribute) optimization (image SEO) + Woocommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 10,000+

---

• XT Floating Cart for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 9,000+

---

• Add Expires Headers & Optimized Minify – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• Security Ninja – Secure Firewall & Secure Malware Scanner – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 9,000+

---

• Magic Post Thumbnail – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 9,000+

---

• Woo Products Widgets For Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 9,000+

---

• WooCommerce EU VAT Assistant – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 9,000+

---

• Accordion & FAQ – Helpie WordPress Accordion FAQ plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• Page Builder Gutenberg Blocks – Kioken Blocks – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• HuCommerce | Magyar WooCommerce kiegészítések – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• ACF Frontend – Add and edit posts, pages, users and more all from the frontend – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• Booking Calendar | Appointment Booking | BookIt – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• Remove Add to Cart WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• Salon booking system – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• Media Cloud for Amazon S3, Imgix, Google Cloud Storage, DigitalOcean Spaces and more – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• Thanks Redirect for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 8,000+

---

• WP Travel Engine – Travel and Tour Booking Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• Drop Shadow Boxes – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• WP SMS Plugin for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• Digital Goods for WooCommerce Checkout – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• Battle Suit for Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• Better Messages – Live Chat for WordPress, BuddyPress, BuddyBoss, Ultimate Member, PeepSo – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• Post to Google My Business (Google Business Profile) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• Extra Fees Plugin for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• Product Attachment for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• Gallery PhotoBlocks – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• TinyMCE Annotate – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• RevivePress – Keep your Old Content Evergreen – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 7,000+

---

• Tickera – WordPress Event Ticketing – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• WooCommerce Bulk Edit Products – WP Sheet Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• Better Elementor Addons – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• License Manager for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Premmerce Brands for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Print My Blog – Print, PDF, & eBook Converter WordPress Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Primary Addon for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Server Info – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Custom WooCommerce Checkout Fields Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Premmerce SEO for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Connect Contact Form 7, WooCommerce To Google Sheets & Other Platforms – Advanced Form Integration – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 6,000+

---

• Events Addon for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• WooCommerce – Country Based Payments – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Add Linkedin insight tags for Linkedin ads – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• URL Shortify – Simple, Powerful and Easy URL Shortener Plugin For WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• WooCommerce Banner and Carousel Slider for Category, Page – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Iks Menu – WordPress Category Accordion Menu – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Livemesh Addons for Beaver Builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• DiviTorque – Divi Theme, Divi Builder and Extra Theme – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• WP-Cron Status Checker – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 5,000+

---

• Premmerce Product Filter for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• Bulk Edit Posts and Products in Spreadsheet – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• Advanced Classifieds & Directory Pro – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• WordPress Persistent Login – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• Automatic YouTube Gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• Shipping Method Display Style for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• WC Place Order Without Payment – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• Agy – Age verification for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• WordPress Tag Cloud Plugin – Tag Groups – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• CodeKit – Custom Codes Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• SEO Booster – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• Quick Contact Form – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 4,000+

---

• TK Google Fonts GDPR Compliant – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Easy Math Captcha for CF7 – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Quick Paypal Payments – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Quick Event Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Ultimate Post Kit – Addons For Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Music Player for Elementor – Audio Player & Podcast Player – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Product Options and Price Calculation Formulas for WooCommerce – Uni CPO – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• WP EasyPay – Square for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Chat Button- Leads and Order over Chat – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Delicious Recipes – WordPress Recipe Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Spanish Market Enhancements for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Food Store – Online Food Delivery & Pickup – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Webba Booking – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Insert or Embed Articulate Content into WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Geo Mashup – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Super Video Player – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• WP Coupons and Deals – WordPress Coupon Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 3,000+

---

• Design for Contact Form 7 Style WordPress Plugin – CF7 WOW Styler – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Interactive Geo Maps – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 20,000+

---

• Best Responsive Comparison Table for Gutenberg Editor – NicheTable – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Multi Page Auto Advance for Gravity Forms – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• CartPops – High Converting Add To Cart Popup For WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Notification Bar, Announcement and Cookie Notice WordPress Plugin – FooBar – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Master Accordion ( Former WP Awesome FAQ Plugin ) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Fraud Prevention Plugin for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Radio Station – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Glossary – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Mass Pages/Posts Creator – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• WP Tools Gravity Forms Divi Module – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Market Exporter – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Share This Image – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• WP Author Bio – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Booking Addon for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Migrate WordPress Website & Backups – Prime Mover – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Enhanced Ecommerce Google Analytics for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Bulk WooCommerce Category Creator – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Blog Sidebar Widget – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Lightbox – EverlightBox Gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• SVG Flags – Beautiful Scalable Flags For All Countries! – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Premmerce Product Search for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Image Carousel For Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Pay For Post with WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Video Player for YouTube – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Easy Post Views Count – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Bulk Edit Categories and Tags – Create Thousands Quickly on the Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• WooCommerce upcoming Products – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Pootle Pagebuilder – WordPress Page builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Display Eventbrite Events – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Smart Variations Images & Swatches for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Page Builder Sandwich – Front-End Page Builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Restrict – membership, site, content and user access restrictions for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Post, Registration and Profile Form Builder – FrontEnd Editor BuddyForms – Easy WordPress Forms – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Sky Login Redirect – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 2,000+

---

• Mobile View for Responsive web design optimization (UX design) + Mobile Friendly Test – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

• Books Gallery – Best Books Showcase & Library Plugin for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Ads.txt & App-ads.txt Manager for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• annasta Woocommerce Product Filters – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Forms to Zapier, Integromat, IFTTT, Workato, Automate.io, elastic.io, Built.io, APIANT, Webhook – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• FullScreen Menu – Mobile Friendly and Responsive – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Airpress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Stop WP Comment Spam – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WP Free SSL – Free SSL Certificate for WordPress and force HTTPS – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Local Delivery Drivers for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WP Radio – Worldwide Online Radio Stations Directory for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Advance Menu Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• TreePress – Easy Family Trees & Ancestor Profiles – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WordPress Stripe Donation and Payment Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WordPress Gallery Plugin – Limb Image Gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Ultimeter – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Greenshift – animation and page builder blocks – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Data Table, Database for Contact Form 7 (CF7 DB) – Tablesome Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WordPress Team Members – GS Plugins – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WP Page Templates – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• SV Proven Expert – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Surbma | GDPR Proof Cookie Consent & Notice Bar – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• StreamCast – Radio Player for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• STAX Header Builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• ClickerVolt – Affiliate Links & Click Tracking for Performance Marketers – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WooBuddy -> WooCommerce BuddyPress Integration – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Widget for Contact form 7 – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Change Price Title for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WooCommerce Dynamic Pricing and Discount Rules – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WordPress Announcement & Notification Banner Plugin – Bulletin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• XT Variation Swatches for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Bulk Auto Image Title Attribute (Image Title tag) optimization (Image SEO) + Woocommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Scrollsequence – Cinematic Scroll Image Animation Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Bulk Edit and Create User Profiles – WP Sheet Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Кнопка ЮMoney – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WooCommerce Disable Payment Methods based on cart conditions – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• RT Easy Builder – Advanced addons for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Bulk Attachment Download – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WooCommerce Affiliate Plugin – Coupon Affiliates – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
• WooCommerce Affiliate Plugin – Coupon Affiliates – Unauthenticated Stored Cross-Site Scripting (XSS)
  • Active installations: 1,000+

---

• Under Construction – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Restaurant & Cafe Addon for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Responsive Social Slider Widget – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WP Required Taxonomies – Categories and Tags Mandatory – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Premmerce WooCommerce Customers Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Radio Player – Live Shoutcast, Icecast and Audio Stream Player for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• HQTheme Extra – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Woocommerce Customers Order History – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Document Viewer for Office – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Premmerce Wholesale Pricing for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• EthPress – Web3 Login – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• HM Multiple Roles – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WordPress Slider Plugin – Block Slider – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Premmerce User Roles – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Premmerce Redirect Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Premmerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Power Ups for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Knowledge Base documentation & wiki plugin – BasePress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Posts List Designer by Category – List Category Posts Or Recent Posts – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Dreamfox Media Payment gateway per Product for Woocommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Featured Products First for WooCommerce – A Extension of WooCommerce (WooCommerce Addon Plugin) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• 3D viewer – Embed 3D Models – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Panorama Viewer – 360 Degree Image + Video Viewer – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Overlay Image Divi Module – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• APIExperts Square for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Opensea – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WoowGallery – image gallery / content gallery / ecommerce gallery / social gallery / video gallery / album photo gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WP Affiliate Disclosure – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Footer Plugin for Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Activity Log For MainWP – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Go Fetch Jobs (for WP Job Manager) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Ultimate Bulk SEO Noindex Nofollow – Speed up Penalty Recovery Ultimate SEO Booster – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Contact Widgets For Elementor all the contact links you need in one place – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Turbo Widgets – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins. – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Add Tiktok Pixel for Tiktok ads (+Woocommerce) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Simple Giveaways – Grow your business, email lists and traffic with contests – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Joli Table Of Contents – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Add Pinterest conversion tags for Pinterest Ads + Site verification – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• Alt Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 1,000+

---

• WooCommerce PayPlug – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 900+

---

• SV Tracking Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 900+

---

• Qyrr – simply and modern QR-Code creation – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 900+

---

• Ultimate Widgets Light – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 900+

---

• Divi Collage – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 900+

---

• Product Carousel For WooCommerce – WoorouSell – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• AdFoxly – Ad Manager, AdSense Ads & Ads.txt – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• BlockMeister – Block Pattern Builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• Marijuana Age Verify – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• Multisite Robots.txt Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• Replyable – Subscribe to Comments and Reply by Email – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• Page Builder for Gutenberg – StarterBlocks – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• Yatri Tools – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• Commerce Coinbase For WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• WP Smart Export (Free) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 800+

---

• Wholesale For WooCommerce Lite – B2B & B2C Solution – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• WP Security Safe – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• WP Event Partners – WordPress Plugin for Event and Conference Management – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• WordPress Everse Starter Sites – Elementor Templates – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• Advanced Custom Fields options import/export – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• Premmerce Wishlist for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• Email Tracker – Email Tracking Plugin to track Emails for Open and Email Links Click (Compatible with WooCommerce) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• Five-Star Ratings Shortcode – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• A no-code page builder for beautiful performance-based content – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Accessibility Checker by Equalize Digital – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• WP-HR Manager: The Human Resources Plugin for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• Categorify – WordPress Media Library Category & File Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• Widget Detector for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• Easy Age Verify – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 700+

---

• Premmerce Multi-currency for Woocommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• Easy Newsletter Signups – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• WPBITS Addons For Elementor Page Builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• BAVOKO SEO Tools – All-in-One WordPress SEO – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• Fast Checkout for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• Woo Ukrposhta – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Frontend Admin – Add and edit posts, pages, users and more all from the frontend – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Location Picker at Checkout for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• StreamWeasels Twitch Integration – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• WP Munich Blocks – Gutenberg Blocks for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Dreamfox Media Shipping gateway per Product for Woocommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Auto SEO META keywords (META tags keywords) optimization + WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• WP Link Bio – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Premmerce Variation Swatches for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• ACF for WooCommerce Product – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Filr – Secure document library – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• WordPress Google Translate – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Domain Mapping System – Manage Unlimited Domains on your Site – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Really Simple Featured Video – Featured video support for Posts, Pages & WooCommerce Products – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• WebinarIgnition | WordPress Webinar plugin to run live and instant/evergreen/automated/recorded webinars – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 600+

---

• Contact List – Easy Business Directory, Staff Directory and Address Book Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Top News – Best News Plugin for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Anfrageformular – Multi Step Drag & Drop Formular Builder – Leadgenerierung – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Live Scores for SportsPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Gutenberg Blocks – ACF Blocks Suite – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Floating Social Share Icons and Social Share buttons – Next Previous Post Links – FL – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Product Author for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• Modern Addons for Elementor Page Builder – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• WordPress Buffer – HYPESocial. Social Media Auto Post, Social Media Auto Publish and Schedule – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• WooCommerce Bulk Edit Coupons – WP Sheet Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• WP Tools Divi Product Carousel – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Get Directions Map – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Comments Not Replied To – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• WP School Calendar – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 500+

---

• DW Question & Answer Pro – WordPress Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
• DW Question & Answer Pro – WordPress Plugin – Multiple Cross-Site Request Forgery (CSRF)
  • Active installations: N/A

---

• VO Store Locator – WP Store Locator Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Walker Core – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Media Library File Download – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• WP Frontend Profile – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Live Drag and Drop Builder for Contact Form 7 – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Free Booking Plugin for Hotels, Restaurant and Car Rental – eaSYNC – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Preloader for Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• AppExperts – WordPress to Mobile App – WooCommerce to iOs and Android Apps – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• WP Notification Bell – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Ether and ERC20 tokens WooCommerce Payment Gateway – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Code Manager – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• WUPO Group Attributes for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Alley Business Toolkit – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Post Carousel Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• WP Adminify – WordPress Admin Dashboard Customization Toolkit – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• Gift Message for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Cryptocurrency Product for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Change Prices with Time for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 400+

---

• RaCar Clear Cart for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Italian VAT Kit for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• jav’s – WooCommerce and Trello integration WooTrello – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• WooCommerce Country Catalogs – Product Country Restrictions – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Live TV Player – Worldwide Live TV Channels Player for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• WP Google Street View (with 360° virtual tour) & Google maps + Local SEO – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• XT Quick View for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• EthereumICO – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• FAQ Manager For Divi, Gutenberg Block & Shortcode – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Checkout with Zelle on Woocommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Display WP Admin Pages in the Frontend – WP Frontend Admin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Integrate Google Drive – Complete Google Drive Cloud Solution For WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Top Bar – PopUps – by WPOptin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• LittleBot ACH for Stripe + Plaid – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• WP Sessions Time Monitoring Full Automatic – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• WP SPID Italia – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• GA4WP: Google Analytics for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Advanced WC Analytics – Google Analytics Dashboard for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Guest posting / Frontend Posting wordpress plugin – WP Front User Submit / Front Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• WP Disable Sitemap – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Multipurpose Gutenberg Block – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• WP Conference Schedule – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Internal Linking for SEO traffic & Ranking – Auto internal links (100% automatic) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Builder for WooCommerce reviews shortcodes – ReviewShort – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• BookPress – For Book Authors – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Tarot Card Oracle – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • This plugin has been closed as of March 9, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• Quote for WooCommerce Lite – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• WordPress SEO Audit Plugin – WP Site Auditor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Ethereum Wallet – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Product Image Watermark for Woo – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• ConeBlog – WordPress Blog Widgets – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Run Contests, Raffles, and Giveaways with ContestsWP – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• CP Image Gallery – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Reset Course Progress For LearnDash – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Revolution for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Da Reactions – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Ultimate Divi Modules Suite – Divi Sumo Lite – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Starfish Review Generation & Marketing for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 200+

---

• Simple Feature Requests Free – User Feedback Board – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 300+

---

• Age Verification Screen for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• bbResolutions – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• XT Ajax Add To Cart for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• WP Group Promoter – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• All in One Invite Codes – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Grid & Styler For Contact Form 7 And Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• WordPress Coupon Plugin for Bloggers and Marketers – WP Offers – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• W3SCloud Contact Form 7 to Zoho CRM – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• WP Photo Effects – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• VidSEO | WordPress Video SEO embedder with transcripts (Youtube & Vimeo) – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Easy Code Snippets – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• WP Post Block – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Multicollab – Google Doc-Style Editorial Commenting for WordPress – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• LawPress – Law Firm Website Management – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• WP Tools Divi Blog Carousel – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Delete old Posts automatically – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Add Twitter Pixel for Twitter ads – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Joli FAQ SEO – WordPress FAQ Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Education Addon for Elementor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Ultimate Carousel For Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Divi Content Restrictor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• XT Points & Rewards for WooCommerce – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• JDs Portfolio – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Court Reservation – Manage Your Court Bookings Online – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• CP Simple Newsletter – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Rest Routes – Custom Endpoints for WP REST API – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• WPTools Masonry Gallery & Posts For Divi – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Easy Zillow Reviews – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• SocialMark – Easy Watermark/Logo on Social Media Post Link Share Preview – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Social Gallery Lite – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Easy Tiktok Feed – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Simple Sponsorships – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Go Viral – social share, social sharebar, social locker, social chat, open graph, reactions, share & view counters – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Feedpress Generator – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Station Pro Plugin – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• WooCommerce Customers Table: View, Search, Bulk Editor – CrossSite Request Forgery (CSRF) + Sensitive Information Disclosure
  • Active installations: 100+

---

• Amelia – Events & Appointments Booking Calendar – Sensitive Data Disclosure
• Amelia – Events & Appointments Booking Calendar – Arbitrary Customer Deletion via CSRF
• Amelia – Events & Appointments Booking Calendar – Arbitrary Appointments Status Update
• Amelia – Events & Appointments Booking Calendar – Arbitrary Appointments Update
• Amelia – Events & Appointments Booking Calendar – Unauthenticated Stored Cross-Site Scripting (XSS)
• Amelia – Events & Appointments Booking Calendar – SMS Service Abuse and Sensitive Data Disclosure
  • Active installations: 40,000+

---

• Sermon Browser – Arbitrary File Upload via Cross-Site Request Forgery (CSRF)
  • This plugin has been closed as of February 4, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• Translate WordPress with GTranslate – Cross-Site Request Forgery (CSRF) vulnerability leading to Account Takeover
  • Active installations: 300,000+

---

• Analytics Cat – Google Analytics Made Easy – Plugin Settings change via Cross-Site Request Forgery (CSRF)
  • Active installations: 10,000+

---

• Simple Membership – Arbitrary Transaction Deletion via CSRF
  • Active installations: 50,000+

---

• Accept Stripe Payments – Cross-Site Request Forgery (CSRF)
  • Active installations: 40,000+

---

• Yoo Slider – Image Slider & Video Slider – Cross-Site Request Forgery (CSRF) leading to slider Duplicate/Delete
• Yoo Slider – Image Slider & Video Slider – Stored Cross-Site Scripting (XSS)
  • Active installations: 1000+

---

• Export All URLs – Private/Draft Post/Page Title Disclosure via Cross-Site Request Forgery (CSRF)
• Export All URLs – Reflected Cross-Site Scripting (XSS)
  • Active installations: 30,000+

BRIEF: Cross-Site Request Forgery APR 2022 is a type of malicious exploit of a website where unauthorised commands are submitted from a user that the web application trusts. Cross-site request forgery is also known as one-click attack, session riding, CSRF, XSRF, Sea Surf, Session Riding, Cross-Site Reference Forgery, or Hostile Linking.

What is Cross-Site Request Forgery APR 2022?

Cross-site request forgery (also known as CSRF) is a web Security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same-origin policy, which is designed to prevent different websites from interfering with each other. Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

What is the impact of a CSRF APR 2022 attack?

In a successful CSRF attack, the attacker causes the victim user to act unintentionally. Example: this might be to change the email address on their account, to change their password, or to make a funds transfer. Depending on the nature of the action, the attacker might be able to gain full control over the user’s account. If the compromised user has a privileged role within the application, then the attacker might be able to take full control of all the application’s data and functionality.

 

MANAGED WP/Woo Security: CSRF APR 2022 | Cross-Site Request Forgery APR 2022 Related Posts