CVE-2026-2917 affects Happy Addons for Elementor and it is an authenticated Contributor level insecure direct object reference in the Happy Clone post duplication flow. The vulnerable admin action accepts a user supplied post_id and checks only the broad edit_posts capability, which lets an attacker clone other users’ published objects into a draft that they own. When the source object contains Elementor metadata or widget configuration, the copied draft can expose sensitive settings and create content integrity risk.
Plugin Security Certification (PSC-2026-64674): “Page Optimize” – Version 0.6.3

Page optimization plugins change how scripts, styles, and front-end resources are loaded. That makes them useful for performance, but also security-sensitive because optimized output becomes part of every public page and can affect forms, commerce, analytics, and security controls. Page Optimize version 0.6.3 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64674, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for front-end asset optimization, script and style handling, cache behavior, and public rendering paths.
Plugin Security Certification (PSC-2026-64673): “Admin and Site Enhancements (ASE)” – Version 8.8.5

Administrative enhancement plugins concentrate many privileged controls in one interface, including editor behavior, media tools, SMTP settings, menu changes, and site management modules. That makes them efficient for administrators, but also security-sensitive because broad settings can affect core WordPress behavior. Admin and Site Enhancements (ASE) version 8.8.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64673, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for admin module controls, privileged settings, custom site behavior, and WordPress management workflows.
Plugin Security Certification (PSC-2026-64672): “Advanced Google reCAPTCHA” – Version 5.39

Anti-spam plugins protect login, registration, comment, and public form paths. That makes them useful against automated abuse, but also security-sensitive because enforcement failures can leave high-value endpoints exposed or block legitimate visitors from expected workflows. Advanced Google reCAPTCHA version 5.39 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64672, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for reCAPTCHA validation, login protection, public form handling, and anti-spam configuration.
Plugin Security Certification (PSC-2026-64671): “Mailchimp for WooCommerce” – Version 6.1.1

Email marketing integrations process order activity, customer profiles, product metadata, cart events, and API credentials. That makes them useful for store communication, but also security-sensitive because customer related data moves between WooCommerce and an external marketing platform. Mailchimp for WooCommerce version 6.1.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64671, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for WooCommerce customer sync, order data handling, API credentials, and marketing automation workflows.
Plugin Security Certification (PSC-2026-64670): “Pinterest for WooCommerce” – Version 1.4.27

Commerce marketing integrations handle product data, tracking events, connected account settings, and background synchronization. That makes them valuable for store growth, but also security-sensitive because merchant configuration and catalog data can affect both customer privacy and public product visibility. Pinterest for WooCommerce version 1.4.27 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64670, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for WooCommerce catalog sync, tracking tags, connected account settings, and product data handling.
Plugin Security Certification (PSC-2026-64669): “Really Simple CAPTCHA” – Version 2.4

CAPTCHA helper plugins sit close to form submission flows, generated challenge files, temporary tokens, and validation results used by other plugins. That makes them useful against automated abuse, but also security-sensitive because weak file handling or predictable challenge behavior can affect public forms. Really Simple CAPTCHA version 2.4 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64669, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for CAPTCHA generation, temporary file handling, token validation, and plugin integration boundaries.
Plugin Security Certification (PSC-2026-64668): “Font Awesome” – Version 5.1.5

Icon plugins affect the editor, public markup, scripts, styles, and sometimes external kit configuration. That makes them convenient for visual design, but also security-sensitive because stored icon settings and asset URLs can become part of the public HTML served to visitors. Font Awesome version 5.1.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64668, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for icon rendering, asset loading, kit configuration, and editor integration behavior.
Plugin Security Certification (PSC-2026-64667): “Facebook Chat Plugin – Live Chat Plugin for WordPress” – Version 2.5

Live chat plugins add third-party scripts, public widgets, and administrator managed page identifiers to WordPress pages. That makes them useful for customer communication, but also security-sensitive because stored settings are rendered to visitors and external script behavior becomes part of the public site surface. Facebook Chat Plugin – Live Chat Plugin for WordPress version 2.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64667, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for live chat widget settings, public script rendering, and third-party page connection workflows.
Plugin Security Certification (PSC-2026-64666): “Image Optimizer – Optimize Images and Convert to WebP or AVIF” – Version 1.7.5

Image optimization plugins work directly with uploaded media, generated derivatives, file names, MIME types, and background processing jobs. That makes them useful for performance, but also security-sensitive because unsafe media handling can lead to path manipulation, unauthorized file access, broken public assets, or exposure of media metadata. Image Optimizer – Optimize Images and Convert to WebP or AVIF version 1.7.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64666, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for image optimization, format conversion, media processing, and upload pipeline behavior.
