25 WordPress plugins vulnerable to CSRF attacks

25 WordPress plugins vulnerable to CSRF attacks

Author: ZoneWP

Date: September 18, 2020 

Category: Plugin development, SEO, Security, Tips and tricks, Tutorials, Webhosting

Twenty five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.

What is a CSRF attack?

In a CSRF attack, an innocent end user is tricked by an attacker into submitting a web request that they did not intend. This may cause actions to be performed on the website that can include inadvertent client or server data leakage, change of session state, or manipulation of an end user’s account.

The impact of these vulnerabilities may vary from low to high severity, leading to, for example, XSS (stored or reflected), changes in settings, configuration import


World of WordPress is hosted by:

Rocket.net: Build Your Site on the Fastest WordPress Platform

With Rocket, your websites will be blazing fast, always protected, and supported 24/7 by our experts with over 17 years of experience.