Everest Forms has officially passed the Plugin Security Certification (PSC-2025-64582), issued by CleanTalk, following an exhaustive security audit. This validation affirms that Everest Forms is not only powerful in capability but also hardened against modern web threats, making it a safe solution for any WordPress website—personal, corporate, or eCommerce.
Shortcodes Ultimate is a ubiquitous WordPress plugin used by over 500,000 websites to effortlessly embed rich content—galleries, tabs, sliders—through simple shortcode syntax. While its drag-and-drop gallery builder and extensive shortcode library enhance user experience, a serious security flaw—CVE-2025-8015—has been discovered. This vulnerability permits an Author+ user to inject persistent JavaScript into gallery items (via image links or titles), which executes when administrators or other privileged users interact with the gallery. Ultimately, attackers can escalate privileges, create admin backdoors, and fully compromise the site.
The Shortcodes Ultimate plugin is a widely used WordPress toolkit, enabling site owners to add rich content elements—buttons, tabs, sliders—via simple shortcodes. With over 500,000 active installations, it is a go-to plugin for visual enhancements. However, a critical vulnerability, CVE-2025-7369, allows unauthenticated attackers to exploit a lack of CSRF protection on the plugin’s AJAX preview endpoint. By submitting a specially crafted form, an attacker can store malicious JavaScript in the database that executes in the administrator’s browser, opening the door to a full account-takeover backdoor.
As site speed and resource efficiency become vital factors in user experience and SEO, the Performance Lab plugin emerges as a strategic asset for WordPress site owners and developers. Built by the official WordPress Performance Team, this plugin acts as a modular testing ground for new performance-enhancing features that are expected to land in the WordPress core in the future.
Performance Lab has not only optimized web performance, but also achieved a significant security milestone by passing CleanTalk’s rigorous Plugin Security Certification process—PSC-2025-64581. This confirms the plugin’s readiness for production environments where performance and security must go hand in hand.
AI Engine is an advanced WordPress plugin designed to bridge the power of modern AI models (like GPT-4.1, Claude, Gemini, o4, and others) with the flexibility and usability of WordPress. Whether you’re aiming to build custom chatbots, generate content, translate articles, or automate content workflows, AI Engine provides a powerful and secure solution—all from within the WordPress dashboard.
With deep integrations, developer-ready APIs, and support for multiple AI providers, AI Engine allows website owners to build intelligent, interactive, and efficient websites that scale with their needs. Beyond just functionality, the plugin has undergone rigorous code-level inspection and has been certified with the Plugin Security Certification (PSC) from CleanTalk, confirming its secure development practices and strong protection measures.
Custom content structures are a cornerstone of advanced WordPress development. The Custom Post Type UI plugin empowers administrators and developers by offering a robust and user-friendly interface for registering and managing custom post types and taxonomies—without writing a single line of code.
Custom Post Type UI has successfully passed a comprehensive security audit and earned the Plugin Security Certification (PSC-2025-64579) from CleanTalk. This milestone confirms that the plugin adheres to the highest standards of secure coding practices, allowing users to leverage custom content types with confidence and protection.
From streamlining content architecture to enabling flexible taxonomies, CPTUI enhances WordPress functionality without compromising security.
When it comes to setting up WordPress themes, nothing is more frustrating for users than starting from scratch. The One Click Demo Import plugin solves this by offering a seamless, user-friendly method to load pre-built demo content with a single click. With version 3.3.0, the plugin continues to provide that convenience—now with an added layer of confidence: official Plugin Security Certification (PSC-2025-64578) from CleanTalk.
The Structured Content plugin helps WordPress users enhance their pages with rich JSON-LD schema.org structured data elements. It allows for the insertion of components like FAQs, job postings, events, and more, with options to display the content as visible HTML or hidden machine-readable data.
However, in version 1.6.4 and below, a Stored Cross-Site Scripting (XSS) vulnerability was identified that allows users with Contributor privileges to inject malicious JavaScript via the “Additional CSS class(es)” field in FAQ blocks. This XSS payload is then persistently stored and can be executed when the HTML is rendered, leading to account compromise or further exploitation.
The OpenStreetMap for Gutenberg and WPBakery Page Builder plugin is designed to help WordPress users easily embed customizable and interactive maps into their posts and pages. However, in version 1.2.0 and below, a Stored Cross-Site Scripting (XSS) vulnerability exists, which allows Contributor-level users to inject persistent JavaScript code into map marker popup text. This can lead to account compromise, content injection, and potentially full site takeover.
Calculated Fields Form is a versatile WordPress plugin that lets users design dynamic forms with live calculations, sliders, and conditional logic. With more than 60,000 active installations, it powers everything from loan calculators to interactive quizzes. However, a severe security flaw—CVE-2024-13381—has been discovered in the plugin’s Slider block configuration. This vulnerability allows an editor to inject persistent JavaScript into form captions, which executes whenever the form is previewed, creating an avenue for backdoor creation and full administrative takeover.