WP CSRF JUN 2025 - WP Cross-Site Request Forgery
Managed WP/Woo Security Report
Be informed about the latest WP Cross-Site Request Forgery, identified and reported publicly. As these WP CSRF JUN 2025 vulnerabilities have a severe negative impact on any WordPress Security, consider our security audit.
It is a -60% DECREASE, compared to previous month, as specifically targeted Cross-Site Request Forgeries. Consider for your online safety, a managed WP/Woo Security AUDIT, – OR – switching with a TOP10LIST alternative WP Security Plugin - OR - Hire professionals for managed WP Security.
Wp Csrf Jun 2025
The following cases made headlines PUBLICLY just last month in the WP CSRF JUN 2025 & WP Cross-Site Request Forgery category:
| 4stats | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| 워드프레스 결제 심플페이 | Cross-Site Request Forgery (CSRF) |
| Abundatrade | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Accept Donations with PayPal | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Advanced Reorder Image Text Slider | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Affiliates Manager Google reCAPTCHA Integration | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| AHAthat | Cross-Site Request Forgery (CSRF) and AHA Page Deletion (BAC) |
| Alink Tap | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| AlT Monitoring | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Audio Comments | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| AWcode Toolkit | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Awin – Advertiser Tracking for WooCommerce | Cross-Site Request Forgery (CSRF) and Product Feed Regeneration |
| BabelZ | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Beacon Lead Magnets and Lead Capture | Cross-Site Request Forgery (CSRF) |
| Broadcast Live Video – Live Streaming : WebRTC, HLS, RTSP, RTMP | Cross-Site Request Forgery (CSRF) |
| BTEV | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| Challan | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| Competition Form | Competition Deletion from Cross-Site Request Forgery (CSRF) |
| Connexion Logs | Log Deletion from Cross-Site Request Forgery (CSRF) |
| Contact Form Widget | Cross-Site Request Forgery (CSRF) |
| Contribuinte Checkout | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Cool Author Box | Cross-Site Request Forgery (CSRF) |
| Credova_Financial | Cross-Site Request Forgery (CSRF) |
| CSS3 Accordions for WordPress | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Custom Author Base | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| DoFollow Case by Case | Cross-Site Request Forgery (CSRF) |
| Dynamic Pricing & Discounts Lite for WooCommerce | Cross-Site Request Forgery (CSRF) |
| EasyMe Connect | Cross-Site Request Forgery (CSRF) |
| Easy PayPal Events | Cross-Site Request Forgery (CSRF) |
| EKC Tournament Manager | Create Tournaments/Teams from Cross-Site Request Forgery (CSRF) |
| Element Pack Pro | Cross-Site Request Forgery (CSRF) |
| ELI's Related Posts Footer Links and Widget | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Falang multilanguage | Cross-Site Request Forgery (CSRF) |
| GamiPress Reset User | GamiPress User Data Removal from Cross-Site Request Forgery (CSRF) |
| GDPR Cookie Consent | Bulk Delete from Cross-Site Request Forgery (CSRF) |
| GPT3 AI Content Writer | Cross-Site Request Forgery (CSRF) and Prompt Generation |
| Graphina | Cross-Site Request Forgery (CSRF) and Local File Inclusion (LFi) |
| GS Logo Slider | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| Hash Form | Cross-Site Request Forgery (CSRF) |
| Import Export For WooCommerce | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Japanized For WooCommerce | Cross-Site Request Forgery (CSRF) |
| JavaScript Logic | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| JSP Store Locator | Deletion from Missing Cross-Site Request Forgery (CSRF) |
| LessButtons Social Sharing and Statistics | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| Listamester | Cross-Site Request Forgery (CSRF) |
| LiveAgent | Cross-Site Request Forgery (CSRF) |
| MapFig Studio | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| Martins Free Monetized Ad Exchange Network | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Nokaut Offers Box | Plugin Reset from Cross-Site Request Forgery (CSRF) |
| Ntz Antispam | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| occupancyplan | Cross-Site Request Forgery (CSRF) and SQL Injection (SQLi) |
| Offload Videos – Bunny.net, AWS S3 | Cross-Site Request Forgery (CSRF) |
| Pays – WooCommerce Payment Gateway | Cross-Site Request Forgery (CSRF) |
| PeoplePond | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Pixel WordPress Form BuilderPlugin & Autoresponder | Cross-Site Request Forgery (CSRF) |
| Product Code for WooCommerce | Cross-Site Request Forgery (CSRF) and Database Update |
| Product Quantity Dropdown For Woocommerce | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| PW WooCommerce Bulk Edit | Cross-Site Request Forgery (CSRF) |
| QuickCal | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| QuickCal | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| reCAPTCHA for all | Cross-Site Request Forgery (CSRF) |
| Rootspersona | Cross-Site Request Forgery (CSRF) |
| Salon booking system | Cross-Site Request Forgery (CSRF) and Arbitrary Content Deletion |
| SEO Flow by LupsOnline | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Seven Stars Theme | Cross-Site Request Forgery (CSRF) |
| Seznam Webmaster | Cross-Site Request Forgery (CSRF) |
| ShayanWeb Admin FontChanger | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Sidebar Manager Light | Cross-Site Request Forgery (CSRF) |
| Simple calendar for Elementor | Cross-Site Request Forgery (CSRF) |
| Simple Giveaways | Cross-Site Request Forgery (CSRF) |
| Simple Nav Archives | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| Simple Page Access Restriction | Cross-Site Request Forgery (CSRF) from Multiple Parameters |
| Smaily for WP | Cross-Site Request Forgery (CSRF) |
| Smooth Gallery Replacement | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Soccer Live Scores | Cross-Site Request Forgery (CSRF) |
| Spare Theme | Cross-Site Request Forgery (CSRF) |
| Spiritual Gifts Survey | Unauthenticated Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Supertext Translation and Proofreading | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| tarteaucitron.js for WordPress | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| theMarketer | Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) |
| Travelpayouts | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| TrueBooker | Cross-Site Request Forgery (CSRF) |
| TwitterPosts | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| Ultimate WP Mail | Cross-Site Request Forgery (CSRF) |
| User Profile Meta Manager | Cross-Site Request Forgery (CSRF) and Privilege Escalation (BAC) |
| ValidateCertify | Cross-Site Request Forgery (CSRF) |
| Web Accessibility with Max Access | Cross-Site Request Forgery (CSRF) |
| Wholesale Market | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| Widgets Reset | Settings Update (BAC) from Cross-Site Request Forgery (CSRF) |
| Wiki Embed | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| WordPress连接微博 | Cross-Site Scripting (XSS) from Cross-Site Request Forgery (CSRF) |
| WP2LEADS | Cross-Site Request Forgery (CSRF) |
| WP Compress | Cross-Site Request Forgery (CSRF) |
| WP Fundraising Donation and Crowdfunding Platform | Cross-Site Request Forgery (CSRF) |
| WP Hotel Booking | Cross-Site Request Forgery (CSRF) |
| WP Mapa Politico España | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| WP-PManager | Category Deletion from Cross-Site Request Forgery (CSRF) |
| WP Podcasts Manager | Cross-Site Request Forgery (CSRF) |
| WPSpeed | Cross-Site Request Forgery (CSRF) |
| WP Ultimate Tours Builder | Cross-Site Request Forgery (CSRF) |
| Year Make Model Search for WooCommerce | Cross-Site Request Forgery (CSRF) and Settings Change (BAC) |
| WordPress CSRF & Cross-Site Request Forgery reported in 2023: | 949 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2024: | 876 |
| WordPress CSRF & Cross-Site Request Forgery reported in 2025: | 971 |
MANAGED WP/Woo Security: WP CSRF JUN 2025 | WP Cross-Site Request Forgery
WP CSRF MAY 2025: 251(!) Bold WP Cross-Site Request Forgery (infographic)
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP CSRF APR 2025: 167 Bold WP Cross-Site Request Forgery
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP CSRF MAR 2025: 124 Bold WP Cross-Site Request Forgery
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
WP CSRF FEB 2025: 218 Bold WP Cross-Site Request Forgery
Your Email (double opt-in) Vulnerability reports (monthly) ultrawp services (monthly) INSPIRATION (weekly) FEATURED (weekly) managed online business for you (tailored for niche needs) NEWS (weekly) Agree with the privacy policy
Table of Contents
- WP CSRF JUN 2025 - WP Cross-Site Request Forgery
- Managed WP/Woo Security Report
- Today's reality needs a Web Application Firewall (WAF) plus an Intrusion Prevention System (IPS) to mitigate "gazillion" different threats in your WordPress. Get your WP Cross-Site Request Forgery Patch Management.
- Today's reality requires daily clean-ups with database optimisations, weekly updates and upgrades for both free & premium modules, plus the occasional emergency changes when critical vulnerabilities are publicly disclosed without patches. Order your WP Cross-Site Request Forgery Patch Management.
- Get security LIVEPATCH
- Stay informed
- Need managed WP security and got no clue where to start? Hire an expert. Pay a coffee per week or figure it out yourself.
- MANAGED WP/Woo Security: WP CSRF JUN 2025 | WP Cross-Site Request Forgery
- WP CSRF MAY 2025: 251(!) Bold WP Cross-Site Request Forgery (infographic)
- WP CSRF APR 2025: 167 Bold WP Cross-Site Request Forgery
- WP CSRF MAR 2025: 124 Bold WP Cross-Site Request Forgery
- WP CSRF FEB 2025: 218 Bold WP Cross-Site Request Forgery
