Plugin Security Certification (PSC-2025-64555): “Safe SVG” – Version 3.2.8: Use SVG files with Enhanced Security

Plugin Security Certification (PSC-2025-64555): “Safe SVG” – Version 3.2.8: Use SVG files with Enhanced Security

Safe SVG is the most reliable WordPress plugin for securely allowing SVG file uploads while ensuring robust security measures. Unlike native WordPress behavior, which restricts SVG uploads due to potential security vulnerabilities, Safe SVG sanitizes and optimizes uploaded SVG files, protecting websites from XML-based threats and malicious code injection. With over 1 million downloads, Safe SVG is a trusted solution for safely handling scalable vector graphics within WordPress. The plugin has undergone extensive security testing and has been awarded the Plugin Security Certification (PSC) from CleanTalk, verifying its adherence to the highest security standards.

CVE-2024-12770 – WP ULike – Stored XSS to JS Backdoor Creation – POC

CVE-2024-12770 – WP ULike – Stored XSS to JS Backdoor Creation – POC

WP ULike is a popular WordPress plugin that enables website administrators to add like buttons to posts, comments, and custom post types. This feature is widely used across WordPress websites to allow users to express their preferences for content. However, a critical vulnerability, CVE-2024-12770, has been identified in the plugin that allows for the injection of malicious JavaScript into the site. This Stored Cross-Site Scripting (XSS) vulnerability can be exploited by attackers with editor-level access, enabling them to inject malicious scripts into the “Like Button Aria Label” field. When the settings are saved, the injected script is stored in the database and executed on the frontend, which could lead to account takeover and the creation of a backdoor admin account. With over 100,000 active installations, this vulnerability presents a significant security risk to WordPress websites using WP ULike.

Plugin Security Certification (PSC-2025-64554): “CookieYes – Cookie Banner for Cookie Consent” – Version 3.2.8: Use Cookie with Enhanced Security

Plugin Security Certification (PSC-2025-64554): “CookieYes – Cookie Banner for Cookie Consent” – Version 3.2.8: Use Cookie with Enhanced Security

CookieYes – Cookie Banner for Cookie Consent is a powerful WordPress plugin designed to help website owners comply with global privacy regulations, including GDPR, CCPA/CPRA, LGPD, and more. By integrating a customizable cookie banner, CookieYes simplifies the process of obtaining user consent and managing cookies efficiently. This plugin ensures full compliance with privacy laws while maintaining a seamless user experience. Additionally, CookieYes has successfully passed a rigorous security audit and has obtained the Plugin Security Certification (PSC) from CleanTalk, reinforcing its commitment to robust security measures.

CVE-2024-13125 – Everest Forms – Stored XSS to JS Backdoor Creation – POC

CVE-2024-13125 – Everest Forms – Stored XSS to JS Backdoor Creation – POC

Everest Forms is a popular WordPress plugin that allows users to create and manage forms for collecting user information, including contact forms, surveys, and registration forms. A critical Stored Cross-Site Scripting (XSS) vulnerability, identified as CVE-2024-13125, has been found in the plugin. This vulnerability allows attackers with editor-level access to inject malicious JavaScript into the “Email Message” field in the Email Template settings. The injected script is then executed when the email template is previewed, allowing attackers to hijack the session of an admin user or escalate their privileges to gain full control of the WordPress site. With over 100,000 active installations, this vulnerability poses a significant security risk for websites using Everest Forms.

Plugin Security Certification (PSC-2025-64553): “Gwolle Guestbook” – Version 4.7.2: Use Guestbook with Enhanced Security

Plugin Security Certification (PSC-2025-64553): “Gwolle Guestbook” – Version 4.7.2: Use Guestbook with Enhanced Security

Gwolle Guestbook is a feature-rich and user-friendly WordPress guestbook plugin that allows website owners to integrate a secure and customizable guestbook system effortlessly. Unlike using the comment section as an alternative, this plugin provides a dedicated guestbook with built-in moderation, anti-spam measures, and user interaction tools. With a clean and intuitive interface, Gwolle Guestbook ensures seamless guestbook management while maintaining high security standards.

To guarantee the protection of user data and site integrity, Gwolle Guestbook undergoes rigorous security audits. The plugin has successfully passed CleanTalk’s security testing and has been awarded the Plugin Security Certification (PSC), confirming its adherence to industry best practices for security and reliability.

CVE-2024-13121 – ProfilePress – Stored XSS to JS Backdoor Creation – POC

CVE-2024-13121 – ProfilePress – Stored XSS to JS Backdoor Creation – POC

ProfilePress is a popular WordPress plugin that enables site administrators to easily manage user profiles, registration forms, and member directories. However, a critical Stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-13121, has been discovered within the plugin. This vulnerability allows attackers with editor-level access to inject malicious JavaScript into the “Search Filter Fields Text” setting in the Member Directory. The injected script is stored and later executed, which could lead to account takeover and the creation of backdoor admin accounts. With over 200,000 active installations, this vulnerability represents a significant risk to websites using ProfilePress.

CVE-2024-13120 – ProfilePress – Stored XSS to JS Backdoor Creation – POC

CVE-2024-13120 – ProfilePress – Stored XSS to JS Backdoor Creation – POC

ProfilePress is a widely used WordPress plugin that allows website administrators to easily manage user profiles, registration, and login processes. However, a critical Stored Cross-Site Scripting (XSS) vulnerability has been identified in the plugin, CVE-2024-13120. This flaw allows attackers with editor-level access to inject malicious JavaScript code into the “Description” field of the “Remember me” block in the Drag & Drop Form settings. The injected script can then be executed, leading to the creation of a backdoor admin account or other malicious activities. This vulnerability affects over 200,000 active installations, posing a significant risk to websites using ProfilePress.

CVE-2024-13119 – ProfilePress – Stored XSS to JS Backdoor Creation – POC

CVE-2024-13119 – ProfilePress – Stored XSS to JS Backdoor Creation – POC

ProfilePress is a popular WordPress plugin that provides user profile and membership management features. However, CVE-2024-13119 highlights a critical Stored Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious JavaScript into the plugin’s settings. This vulnerability can be exploited by attackers with editor-level access to inject JavaScript into the “Title” field in the Member Directory settings. When the settings are saved, the malicious code is stored in the WordPress database and executed when the directory is rendered. This flaw enables attackers to create a backdoor, potentially giving them full control of the site. With over 200,000 active installations, this vulnerability poses a serious risk to websites using ProfilePress.

Malicious PHP snippets in WPCode

Malicious PHP snippets in WPCode

During the analysis and treatment of the infected site, malicious code was found embedded in the Code Snippets plugin. The main function of the malicious code was to redirect users once upon their first visit to the site, as well as to hide the plugin’s management form in the WordPress admin panel. This makes it difficult to detect the threat and increases the likelihood of a long-term presence of malicious code on a web resource.

This type of infection is quite common in the WordPress environment and causes a lot of inconvenience to website owners. Its main functionality is related to hiding malicious code and redirects on the website.

CVE-2024-4002 – Carousel, Slider, Gallery by WP Carousel – Stored XSS to JS Backdoor Creation – POC

CVE-2024-4002 – Carousel, Slider, Gallery by WP Carousel – Stored XSS to JS Backdoor Creation – POC

Carousel, Slider, Gallery by WP Carousel is a popular WordPress plugin that enables website owners to create interactive carousels, sliders, and galleries. However, a critical Stored Cross-Site Scripting (XSS) vulnerability has been discovered in this plugin, identified as CVE-2024-4002. This vulnerability allows attackers with editor-level access to inject malicious JavaScript into the plugin’s settings, which can then be executed when the carousel is rendered. The malicious script can create a backdoor, enabling attackers to take over admin accounts or perform other malicious actions. With over 50,000 active installations, this flaw presents a significant risk to websites using WP Carousel.