WP CSRF APR 2025 - WP Cross-Site Request Forgery
Managed WP/Woo Security Report
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF APR 2025 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.
It is a +35% INCREASE compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a managed WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.
The following cases made headlines PUBLICLY just last month in the WP CSRF APR 2025 & WP Cross-Site Request Forgery category:
| 3DPrint Lite | Cross-Site Request Forgery (CSRF) |
| AdSense Privacy Policy | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| AlphaOmega Captcha & Anti-Spam Filter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ANAC XML Render | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Anthologize | Cross-Site Request Forgery (CSRF) |
| Auto Load Next Post | Cross-Site Request Forgery (CSRF) |
| Awesome Logos | Cross-Site Request Forgery (CSRF) to SQL Injection (SQLi) |
| Back To Top | Cross-Site Request Forgery (CSRF) |
| banner-manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| bbPress | Cross-Site Request Forgery (CSRF) and Limited Privilege Escalation (BAC) |
| Booknetic | Staff Creation from Cross-Site Request Forgery (CSRF) |
| Browser Address Bar Color | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Browser Caching with htaccess | Cross-Site Request Forgery (CSRF) |
| Builder for Contact Form 7 by Webconstruct | Cross-Site Request Forgery (CSRF) |
| Cackle | Cross-Site Request Forgery (CSRF) |
| CallPhone'r | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| CAS Maestro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Cazamba | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Christmas Panda | Cross-Site Request Forgery (CSRF) |
| cits-support-svg-webp-media-upload | Cross-Site Request Forgery (CSRF) and Font Assignment Deletion (BAC) |
| Comment Date and Gravatar remover | Cross-Site Request Forgery (CSRF) |
| Contact Form 7 Material Design | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Contact Form 7 Select Box Editor Button | Cross-Site Request Forgery (CSRF) |
| Cookies Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| CopyLink | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| CSV to Responsive Tables | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| cTabs | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Currency Switcher for WooCommerce | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom Dashboard Page | Cross-Site Request Forgery (CSRF) |
| Custom Field For WP Job Manager | Cross-Site Request Forgery (CSRF) |
| Custom Fields Account Registration For Woocommerce | Cross-Site Request Forgery (CSRF) |
| Custom Login Logo | Cross-Site Request Forgery (CSRF) |
| Custom Script Integration | Cross-Site Request Forgery (CSRF) |
| Custom top bar | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Custom Twitter Feeds (Tweets Widget) | Cross-Site Request Forgery (CSRF) and Cache Reset from ctf_clear_cache_admin Function |
| Delete Original Image | Cross-Site Request Forgery (CSRF) |
| Display Template Name | Cross-Site Request Forgery (CSRF) |
| Domain Theme | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Easy 301 Redirects | Cross-Site Request Forgery (CSRF) |
| Edd Google Sheet Connector Pro | Cross-Site Request Forgery (CSRF) and Access Code Update (BAC) |
| Event Tickets with Ticket Scanner | Tickets Deletion (BAC) from Cross-Site Request Forgery (CSRF) |
| External image replace | Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC) |
| EZ SQL Reports Shortcode Widget and DB Backup | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) |
| EZ SQL Reports Shortcode Widget and DB Backup | Cross-Site Request Forgery (CSRF) to SQL Injection (SQLi) |
| EZ SQL Reports Shortcode Widget and DB Backup | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Featured Posts Grid | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Fix Rss Feeds | Cross-Site Request Forgery (CSRF) |
| Flexible Cookies | Cross-Site Request Forgery (CSRF) |
| Flipdish Ordering System | Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC) |
| Float menu | Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC) |
| FoodBakery | Cross-Site Request Forgery (CSRF)in Multiple Functions |
| Football Pool | Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC) |
| Frontpage category filter | Cross-Site Request Forgery (CSRF) |
| FTP Sync | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Generate Post Thumbnails | Cross-Site Request Forgery (CSRF) |
| Gift Message for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Google News Editors Picks Feed Generator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Google Sheet Connector for Easy Digital Downloads | Cross-Site Request Forgery (CSRF) and Access Code Update (BAC) |
| Go To Top | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| GP Back To Top | Cross-Site Request Forgery (CSRF) |
| Hacklog Remote Image Autosave | Cross-Site Request Forgery (CSRF) |
| Hashtags | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Hesabfa Accounting | Cross-Site Request Forgery (CSRF) |
| Homey Theme | Cross-Site Request Forgery (CSRF) and User Verification |
| I Am Gloria | Cross-Site Request Forgery (CSRF) |
| Image Captcha | Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC) |
| Image Slider / Slideshow Pearlbells | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Info Boxes Shortcode and Widget | Cross-Site Request Forgery (CSRF) |
| Insert Code | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| InstaWP Connect | Cross-Site Request Forgery (CSRF) and Local File Inclusion (LFi) |
| Integration for Google Sheets and Contact Form 7, WPForms, Elementor, Ninja Forms | Cross-Site Request Forgery (CSRF) |
| IP Based Login | Log Deletion (BAC) from Cross-Site Request Forgery (CSRF) |
| jQuery Dropdown Menu | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| KK I Like It | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| LH OGP Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Limit Bio | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| List of Posts from each Category plugin for WordPress | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Login Alert | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Login Logger | Cross-Site Request Forgery (CSRF) |
| LoginPress | Cross-Site Request Forgery (CSRF) and Options Update (BAC) |
| LWS SMS | Cross-Site Request Forgery (CSRF) |
| Maintenance Notice | Cross-Site Request Forgery (CSRF) |
| Maintenance Notice | Cross-Site Request Forgery (CSRF) |
| Map Contact | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| MaxA/B | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Members page only for logged in users | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Microblog Poster | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Mobile Themes | Cross-Site Request Forgery (CSRF) |
| NertWorks All in One Social Share Tools | Cross-Site Request Forgery (CSRF) |
| Newscrunch Theme | Cross-Site Request Forgery (CSRF) and File Upload (BAC) |
| No Disposable Email | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| OmniLeads Scripts and Tags Manager | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| OSS Upload | Cross-Site Request Forgery (CSRF) |
| Photo Slideshow (Responsive) | Cross-Site Request Forgery (CSRF) to Privilege Escalation (BAC) |
| Picture Gallery | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Plugins Last Updated Column | Cross-Site Request Forgery (CSRF) |
| Podlove Podcast Publisher | Cross-Site Request Forgery (CSRF)from ajax_transcript_delete Function |
| price-calc | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Product Author for WooCommerce | Cross-Site Request Forgery (CSRF) |
| Pro Rank Tracker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| publish post email notification | Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC) |
| Rankcheckerio Integration | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| reCAPTCHA for all | Cross-Site Request Forgery (CSRF) |
| Recapture for WooCommerce | Cross-Site Request Forgery (CSRF) to Private Settings Change (BAC) |
| Related Post | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Related Posts from Categories | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Replace Default Words | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| REST API TO MiniProgram | Cross-Site Request Forgery (CSRF) |
| Rewrite | Cross-Site Request Forgery (CSRF) |
| Secret Meta | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Serial Codes Generator and Validator with WooCommerce Support | Cross-Site Request Forgery (CSRF) |
| ShowTime Slideshow | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Optimizer | Cross-Site Request Forgery (CSRF) |
| Simple Rating | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Simple Trackback Disabler | Cross-Site Request Forgery (CSRF) |
| SimplyRETS Real Estate IDX | Cross-Site Request Forgery (CSRF) to Multiple Admin Actions |
| Skrill Official | Cross-Site Request Forgery (CSRF) |
| SoundCloud Ultimate | Cross-Site Request Forgery (CSRF) |
| Spam Byebye | Cross-Site Request Forgery (CSRF) |
| SpeakPipe | Cross-Site Request Forgery (CSRF) |
| Spreadsheet Integration – Automate Google Sheets With WordPress, WooCommerce & Most Popular Form Plugins | Cross-Site Request Forgery (CSRF) and Post Publish |
| Store Locator Widget | r Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Super Static Cache | Cross-Site Request Forgery (CSRF) |
| TabGarb Pro | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| tagDiv Composer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| teachPress | Cross-Site Request Forgery (CSRF) and Import Delete (BAC) |
| Terms of Use | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| The Visitor Counter | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Translator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| TWB Woocommerce Reviews | Cross-Site Request Forgery (CSRF) |
| Typekit plugin for WordPress | Cross-Site Request Forgery (CSRF) |
| Ultimate Security Checker | Cross-Site Request Forgery (CSRF) to Security Rescan |
| URL Shortener | Conversion Tracking | AB Testing | WooCommerce | Cross-Site Request Forgery (CSRF) |
| Usermaven | Cross-Site Request Forgery (CSRF) |
| UTM tags tracking for Contact Form 7 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| ValidateCertify | Cross-Site Request Forgery (CSRF) |
| Verge3D | Cross-Site Request Forgery (CSRF) |
| Video Embedder | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| W3Counter Free Real-Time Web Stats | Cross-Site Request Forgery (CSRF) |
| W3Counter Free Real-Time Web Stats | Cross-Site Request Forgery (CSRF) |
| Wallet System for WooCommerce | Cross-Site Request Forgery (CSRF) |
| WATI Chat and Notification | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WIP WooCarousel Lite | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| Wishlist for WooCommerce: Multi Wishlists Per Customer | Cross-Site Request Forgery (CSRF) and Cross-Site Scriping from Wishlist Name |
| WordPress Admin Bar Improved | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto | Cross-Site Request Forgery (CSRF) and Results Deletion (BAC) |
| WordPress SQL Backup | Cross-Site Request Forgery (CSRF) |
| WordPres 同步微博 | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Add Active Class To Menu Item | Cross-Site Request Forgery (CSRF) |
| WP Bulk Post Duplicator | Cross-Site Request Forgery (CSRF) |
| WP Compare Tables | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Database Optimizer | Cross-Site Request Forgery (CSRF) |
| WP e-Commerce Style Email | Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) |
| WP Google Review Slider | Cross-Site Request Forgery (CSRF) to SQL Injection (SQLi) |
| WP Hide Admin Bar | Cross-Site Request Forgery (CSRF) |
| WP jQuery Persian Datepicker | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP No-Bot Question | Cross-Site Request Forgery (CSRF) |
| WP Odoo Form Integrator | Cross-Site Request Forgery (CSRF) to Cross-Site Scripting (XSS) |
| WP Ride Booking | Cross-Site Request Forgery (CSRF) |
| wpShopGermany IT-RECHT KANZLEI | Cross-Site Request Forgery (CSRF) |
| WP Supersized | Cross-Site Request Forgery (CSRF) |
| XV Random Quotes | Settings Reset from Cross-Site Request Forgery (CSRF) |
| XV Random Quotes | Settings Reset from Cross-Site Request Forgery (CSRF) |
| Yummly Rich Recipes | Cross-Site Request Forgery (CSRF) |
| ZipList Recipe | Cross-Site Request Forgery (CSRF) |
| Zoorum Comments | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 876 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2025: | 619 |
MANAGED WP/Woo Security: WP CSRF APR 2025 | WP Cross-Site Request Forgery
WP CSRF MAR 2025: 124 Bold WP Cross-Site Request Forgery
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP CSRF FEB 2025: 218 Bold WP Cross-Site Request Forgery
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP CSRF JAN 2025: 110 Bold WP Cross-Site Request Forgery
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP CSRF DEC 2024: 105 Bold WP Cross-Site Request Forgery
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
Table of Contents
- WP CSRF APR 2025 - WP Cross-Site Request Forgery
- Managed WP/Woo Security Report
- Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
- Today's reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order your WP Cross-Site Request Forgery Patch Management.
- Get security LIVEPATCH
- Stay informed
- Need managed WP security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
- MANAGED WP/Woo Security: WP CSRF APR 2025 | WP Cross-Site Request Forgery
- WP CSRF MAR 2025: 124 Bold WP Cross-Site Request Forgery
- WP CSRF FEB 2025: 218 Bold WP Cross-Site Request Forgery
- WP CSRF JAN 2025: 110 Bold WP Cross-Site Request Forgery
- WP CSRF DEC 2024: 105 Bold WP Cross-Site Request Forgery
