Author: Dmitrii I

Plugin Security Certification: “Recent Posts Widget Extended” – Version 2.0.2: Use Posts widget with Enhanced Security

The “Recent Posts Widget Extended” plugin is a powerful tool designed to enhance your WordPress site by displaying recent posts in a customizable and flexible manner. Whether through a shortcode or widget, this plugin offers advanced features for showcasing recent content, including thumbnails, excerpts, post dates, and more. Now, with its recent Plugin Security Certification (PSC) from CleanTalk, you can confidently integrate this plugin into your site knowing it meets high security standards.

Plugin Security Certification: “Easy FancyBox – WordPress Lightbox Plugin” – Version 2.3.3: Use Lightboxes with Enhanced Security

The “Easy FancyBox” plugin, a recipient of the Plugin Security Certification (PSC) from CleanTalk, offers a secure and feature-rich solution for implementing lightboxes on WordPress websites. With over 200,000 active installations, this plugin is renowned for its lightweight and flexible functionality, providing users with a seamless experience for viewing images and media content.

Plugin Security Certification: “Search & Replace” – Version 3.2.3: Search & Replace data in DB with Enhanced Security

With the advent of the Plugin Security Certification (PSC) from CleanTalk, the “Search & Replace” plugin has attained a new level of trust and reliability. This certification underscores the commitment to robust security measures, ensuring the integrity of your WordPress database management.

CVE-2024-4924 – Sassy social share – Stored XSS to backdoor creation – POC

WordPress plugins play a crucial role in extending the functionality of websites, but they also introduce potential security risks. One such vulnerability, identified as CVE-2024-4924, has been discovered in the Sassy Social Share plugin. This flaw allows attackers to execute stored cross-site scripting (XSS) attacks, leading to the creation of a backdoor for account takeover. This article explores the discovery, exploitation, and implications of CVE-2024-4924, along with strategies to enhance WordPress security.

Plugin Security Certification: “SVG Support” – Version 2.5.5: Use SVG Files with Enhanced Security

The “SVG Support” plugin, a vital tool for safely uploading and using SVG files in WordPress, has successfully passed the Plugin Security Certification (PSC) by CleanTalk. This certification ensures that the plugin adheres to stringent security standards, providing users with enhanced safety when integrating SVG files into their websites.

CVE-2024-0756 – Insert or Embed Articulate Content into WordPress – Stored XSS/ Iframe Injection – POC

WordPress, a leading content management system, is widely used for creating websites due to its flexibility and extensive plugin ecosystem. However, the same extensibility that makes WordPress powerful also introduces potential security risks. One such critical vulnerability, CVE-2024-0756, has been discovered in the “Insert or Embed Articulate Content” plugin. This vulnerability enables attackers to execute stored cross-site scripting (XSS) and iframe injection attacks, compromising user accounts and site integrity. This article explores the discovery, exploitation, and potential impact of CVE-2024-0756, alongside best practices for securing WordPress sites.

CVE-2024-0757 – Insert or Embed Articulate Content into WordPress – RCE via zip bypass (Contributor+) Critical-High – POC

In recent times, WordPress has become a predominant platform for website development due to its user-friendly interface and extensive plugin ecosystem. However, this popularity also makes it a prime target for security vulnerabilities. One such critical vulnerability, identified as CVE-2024-0757, allows remote code execution (RCE) through insecure file uploads in a zip archive by users with contributor rights in Insert or Embed Articulate Content into WordPress plugin. This article delves into the discovery, exploitation, and potential impact of this vulnerability, along with recommendations for securing WordPress installations.

Plugin Security Certification: “Better Search Replace” – Version 1.4.7: Search/Replace What You Want with Enhanced Security

The “Better Search Replace” plugin has achieved the prestigious Plugin Security Certification (PSC) from CleanTalk, affirming its commitment to security and reliability. This certification ensures that the plugin adheres to the highest security standards, providing users with a secure and efficient tool for managing database operations during site migrations or other significant changes.

CVE-2024-4469 – WP-Staging | Migration Backup Restore – SSRF – POC

In the ever-evolving landscape of web security, the discovery of new vulnerabilities is a constant reminder of the necessity for vigilance. Recently, during the testing of the widely-used WP-Staging | Migration Backup Restore plugin for WordPress, a Server-Side Request Forgery (SSRF) vulnerability, designated as CVE-2024-4469, was identified. This vulnerability poses significant risks, as it can be exploited to scan local ports on the host server, potentially leading to further security breaches.

CVE-2024-4057 – Gutenberg Blocks by Kadence Blocks – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

In the ever-evolving landscape of web security, vulnerabilities in popular plugins can have widespread and severe consequences. A recent vulnerability, identified as CVE-2024-4057, has been discovered in the Gutenberg Blocks by Kadence Blocks plugin, a widely used tool with over 400,000 active installations. This critical-high vulnerability allows attackers to execute Stored Cross-Site Scripting (XSS) attacks, leading to admin account creation and potentially compromising the entire website.