Loco Translate is a powerful tool designed for seamless translation management directly within your WordPress dashboard. With over 1 million downloads, this plugin has established itself as a reliable choice for developers and website owners seeking an efficient way to
WP Super Cache is an essential WordPress plugin designed to optimize website performance by generating static HTML files from dynamic content. These static files are served to visitors, significantly reducing server load and enhancing website speed. With its robust caching
Max Buttons is a widely used WordPress plugin that allows users to create customizable buttons for their website. However, a critical vulnerability, CVE-2024-8968, has been identified in the plugin. This flaw allows attackers with editor-level access to inject malicious JavaScript into the “Text color” field when creating a new button, which can be stored and executed when the settings are accessed. The injected script can lead to account takeover and the creation of a backdoor, allowing attackers to gain admin access to the site. With over 100,000 active installations, this vulnerability presents a serious security risk to WordPress websites using Max Buttons.
Download Manager is a widely used WordPress plugin for managing downloadable files and controlling access to them. However, it contains a critical vulnerability, CVE-2024-10706, which allows for Stored Cross-Site Scripting (XSS) attacks. This vulnerability enables attackers to inject malicious JavaScript code into the plugin’s settings, which is then executed when the settings are accessed. This could lead to account takeover, with attackers gaining unauthorized admin access. With over 100,000 active installations, this flaw presents a significant security risk for WordPress websites using Download Manager.
Ultimate Blocks is a popular WordPress plugin that provides a variety of content blocks for Gutenberg. However, a critical vulnerability, CVE-2024-10678, has been discovered in the plugin, which allows for a Stored Cross-Site Scripting (XSS) attack. This vulnerability enables an attacker with contributor privileges to inject malicious JavaScript code into the “Countdown” block of a new post, which is then executed when the post is interacted with. The injected script can lead to account takeover and the creation of a backdoor admin account, posing a serious risk for WordPress websites. With over 50,000 active installations, this vulnerability represents a significant security threat.
Post Duplicator is a powerful yet simple WordPress plugin designed to duplicate posts, pages, and custom post types with just a click. It offers seamless functionality, supporting custom taxonomies and custom fields, making it a must-have for developers and content managers. With its intuitive interface, users can easily create exact replicas of their posts directly from the WordPress dashboard.
The plugin is particularly useful for developers working on new WordPress sites, as it allows for the creation of dummy content to test layouts and features. By streamlining content duplication, Post Duplicator ensures a hassle-free user experience while maintaining compatibility with WordPress core features.
The Image Widget plugin for WordPress, used to add image widgets to pages or posts, has been found to have a critical Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2024-10939. This vulnerability allows attackers with editor-level privileges to inject malicious JavaScript into the “imgurl” field of an image widget. The injected script is stored and executed when the widget is rendered, potentially leading to account takeover and the creation of a backdoor. With over 100,000 active installations, this vulnerability poses a significant security risk for WordPress sites using the Image Widget plugin.
The Hello Dolly plugin is famously known as the first plugin that many WordPress users encounter. While it might appear simple, showing just a lyric from “Hello, Dolly” in the top right corner of your WordPress admin screen, it has come to
Ajax Search Lite, a popular WordPress plugin that enables live search and filtering functionality, has been found to have a critical Stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-10568. This vulnerability allows attackers with editor-level access to inject malicious JavaScript into the plugin’s settings, which is stored in the WordPress database and executed when the settings are accessed. The injected JavaScript can create a backdoor, potentially leading to account takeover and site compromise. With over 100,000 active installations, this vulnerability poses a significant security risk for WordPress sites that use the Ajax Search Lite plugin.
External Links – nofollow, noopener & new window is a powerful plugin designed to give WordPress users complete control over managing external and internal links. It allows website administrators to configure attributes such as nofollow, noopener, ugc, and sponsored for SEO and security optimization. Additionally, the plugin can open links in new windows or tabs, helping to enhance user experience and maintain site integrity.
The plugin introduces advanced features like link icons and attributes, link scanning (PRO version), and customizable link rules. Moreover, it works seamlessly with WordPress Multisite (WPMU) environments and is GDPR-compliant, ensuring safe and efficient link management for all users. External Links – nofollow, noopener & new window has earned the Plugin Security Certification (PSC) from CleanTalk, signifying its adherence to rigorous security standards.
