Additional WordPress plugins and themes were found to be vulnerable to CSRF attacks.
Twenty-five plugins for WordPress were found to be vulnerable to cross-site request forgery (CSRF) attacks.
The WordPress B2BKing plugin fixed a broken access control vulnerability that could allow customers to change the price of all products.
The WooCommerce Dynamic Pricing and Discounts plugin (19,000+ installations) fixed multiple unauthenticated vulnerabilities affecting version 2.4.1 and below.
For the past 30 months, we have reported quite a lot of vulnerabilities we discovered in WordPress themes and plugins. Here are some interesting stats and facts about them, as well as a few recommendations for all developers of WordPress plugins and themes.