Twenty-five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.
The WordPress JobSearch WP Job Board plugin (1,600+ sales on Envato) fixed a broken access control vulnerability affecting version 1.8.1 and below that could allow users to take over the website and its database.
16 WooCommerce product add-ons plugins fixed a critical broken access control vulnerability that could allow customers to take over the website and its database.
WordPress Automatic Plugin (26,000+ installations) fixed a critical vulnerability affecting version 3.53.2 and below that could allow unauthenticated users to take over the website and its database.
In this article we will see how to provide a very high level of protection to a WordPress blog with a web application firewall.