CVE-2024-3939 – Ditty – Stored XSS to JS backdoor creation – POC

CVE-2024-3939 – Ditty – Stored XSS to JS backdoor creation – POC

A critical security vulnerability CVE-2024-3939 was discovered in the WordPress plugin Ditty, which was downloaded by more than 40k users. This vulnerability exposes websites to the risk of attacks using stored cross-site scripting (XSS), which can potentially lead to account hijacking and violation of the integrity of the website. (if an attacker has previously hacked into an administrator or editor account, they can use the backdoor to restore access)

CVE-2024-2189 – Social Icons Widget & Block – Stored XSS to JS backdoor creation – POC

CVE-2024-2189 – Social Icons Widget & Block – Stored XSS to JS backdoor creation – POC

A critical security vulnerability, CVE-2024-2189, has been identified in the Social Icons Widget & Block WordPress plugin, which boasts over 100k installations. This vulnerability exposes websites to the risk of Stored Cross-Site Scripting (XSS) attacks, potentially leading to account takeover and compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

CVE-2024-2744 – NextGEN Gallery – Stored XSS to JS backdoor creation – POC

CVE-2024-2744 – NextGEN Gallery – Stored XSS to JS backdoor creation – POC

A critical vulnerability, CVE-2024-2744, has been discovered in NextGen Gallery, a popular WordPress plugin with over 500 000+ installations. This flaw exposes websites to the risk of Stored XSS attacks, potentially leading to account takeover and compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

CVE-2024-3368 – All in One SEO – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

CVE-2024-3368 – All in One SEO – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

A critical security flaw has been discovered in the widely-used WordPress plugin, All in One SEO with more then 3 millions installations, marked as CVE-2024-3368. This vulnerability poses a significant threat, allowing attackers to execute malicious code through Stored Cross-Site Scripting (XSS) attacks, potentially leading to the creation of admin accounts by contributors.

Plugin Security Certification: “Smash Balloon Social Post Feed” – Version 4.2.4: Display Facebook posts with Enhanced Security

Plugin Security Certification: “Smash Balloon Social Post Feed” – Version 4.2.4: Display Facebook posts with Enhanced Security

Enhance your WordPress site with a robust Facebook post display plugin that’s not only feature-rich but also prioritizes security. Smash Balloon Social Post Feed, now certified with the Plugin Security Certification (PSC) from CleanTalk, offers unparalleled customization options while maintaining top-notch security standards.

Plugin Security Certification: “Featured Image from URL (FIFU)” – Version 4.7.2: Use external images/videos with Enhanced Security

Plugin Security Certification: “Featured Image from URL (FIFU)” – Version 4.7.2: Use external images/videos with Enhanced Security

Are you looking to streamline your website’s media management process while ensuring top-notch security standards? Look no further than the Featured Image from URL (FIFU) plugin. Since its inception in 2015, FIFU has revolutionized the way thousands of websites handle external media, saving valuable resources and bolstering security measures.