Dmitrii I, Author at Plugin Security Certification (PSC) by CleanTalk

CVE-2024-6490 – Master Slider – CSRF to slider deletion – POC

In the ever-evolving landscape of WordPress security, plugins often introduce as much risk as they do functionality. A recent discovery in the Master Slider plugin, a popular choice among WordPress users for creating responsive image and content sliders, underscores this issue vividly. This article delves into a critical CSRF (Cross-Site Request Forgery) vulnerability identified in the plugin, labeled under CVE-2024-6490, which allows attackers to delete sliders without authorization.

CVE-2024-6094 – WP ULike – Stored XSS to Backdoor Creation – POC

The WordPress ecosystem is home to numerous plugins that enhance functionality, but this diversity also introduces potential vulnerabilities. A significant security flaw has been identified in the WP ULike plugin, marked as CVE-2024-6094, which jeopardizes website integrity by allowing Stored Cross-Site Scripting (XSS) attacks.

Plugin Security Certification: “Redirection” – Version 5.5.2: Use Redirects with Enhanced Security

The “Redirection” plugin, version 5.5.2, has been awarded the Plugin Security Certification (PSC) from CleanTalk, reflecting its high standards in ensuring robust security measures for managing 301 redirects and monitoring 404 errors on WordPress sites.

Plugin Security Certification: “Duplicate Page” – Version 4.5.5: Use Duplicate Functionality with Enhanced Security

The “Duplicate Page” plugin, has achieved the Plugin Security Certification (PSC) from CleanTalk. This certification is a testament to the plugin’s robust security framework, designed to ensure safe and efficient duplication of WordPress posts, pages, and custom post types with a single click.

Plugin Security Certification: “Yoast Duplicate Post” – Version 4.5: Use Duplicate Functionality with Enhanced Security

“Yoast Duplicate Post” plugin, has successfully obtained the Plugin Security Certification (PSC) from CleanTalk, demonstrating its commitment to providing a secure and reliable tool for duplicating posts and pages within WordPress environments.

Plugin Security Certification: “WordPress Importer” – Version 0.9.5: Use Imports Functionality with Enhanced Security

The “WordPress Importer” plugin, version 0.9.5, has achieved the Plugin Security Certification (PSC) from CleanTalk. This certification highlights the plugin’s robust security measures, ensuring a safe and reliable import process for WordPress users who need to migrate content between sites.

Plugin Security Certification: “Site Kit by Google” – Version 1.168.0: Use Cool Site Kits with Enhanced Security

“Site Kit by Google” plugin, version 1.168, has successfully passed the Plugin Security Certification (PSC) from CleanTalk. This certification assures users of the plugin’s security and reliability, enabling WordPress site owners to integrate Google’s powerful tools with enhanced safety and performance.

CVE-2024-4260 – CoBlocks – SSRF – POC

In a recent examination of the “CoBlocks” WordPress plugin, a significant Server-Side Request Forgery (SSRF) vulnerability was uncovered, posing a serious security threat to websites utilizing this plugin. This finding underscores the crucial importance of rigorous security protocols in plugin development and maintenance.

CVE-2024-3996 – Post Grid, Post Carousel, & List Category Posts – Stored XSS to Backdoor Creation – POC

In the expansive ecosystem of WordPress plugins, security vulnerabilities can expose thousands of websites to undue risk. The recent discovery within the “Post Grid, Post Carousel, & List Category Posts” plugin underscores this ongoing challenge. This vulnerability, classified under CVE-2024-3996, compromises website integrity and user trust by enabling Stored Cross-Site Scripting (XSS) attacks.

CVE-2024-6334 – Easy Table of Contents – Stored XSS to Backdoor Creation – POC

The digital realm often mirrors the vulnerabilities of the real world, where security breaches can significantly disrupt operations and compromise sensitive information. One such recent discovery underscores the importance of vigilance and proactive security measures in WordPress plugins. This particular vulnerability exists within the “Easy Table of Contents” plugin, which has over 500,000 installations, underscoring its widespread utilization and the critical need for immediate attention.