Plugin Security Certification: “Activity Log” – Version 2.10.1: See logs with Enhanced Security

The Activity Log plugin is a comprehensive solution for monitoring and tracking activity on your WordPress website. Offering unparalleled insights into user actions within the WordPress admin, this plugin functions as a vital security measure, akin to an airplane’s black box, logging every activity for enhanced security and accountability. In this article, we explore the security features of the Activity Log plugin and its recognition through the “Plugin Security Certification” (PSC) from CleanTalk.

Plugin Security Certification: “Astra Widgets” – Version 1.2.13: Use Widgets with Enhanced Security

With Astra Widgets 1.2.12, WordPress website owners can effortlessly expand their site’s capabilities while ensuring top-notch security. Whether you’re adding essential business information or social profile links, Astra Widgets provides the versatility and ease of use needed to elevate your website’s performance.

CVE-2024-1660 – Top Bar – Stored XSS to JS backdoor creation – POC

CVE-2024-1660, recently discovered in the Top Bar plugin for WordPress, is a critical vulnerability that allows Stored XSS attacks. This flaw poses a significant risk to website security and warrants immediate attention from site administrators. The Stored XSS can potentially lead to the creation of JavaScript backdoors, compromising website integrity: an attacker who has previously hijacked an administrator or editor account can plant a backdoor to regain access.

Plugin Security Certification: “Simple Local Avatars” – Version 2.7.11: Change Avatars with Enhanced Security

Simple Local Avatars is a user-friendly plugin designed to streamline avatar management on WordPress websites. By seamlessly integrating an avatar upload field into user profiles, this lightweight plugin empowers users with media permissions to personalize their online presence effortlessly. In this article, we explore the features of Simple Local Avatars, emphasizing its commitment to security and recognition through the esteemed “Plugin Security Certification” (PSC) from CleanTalk.

CVE-2024-2428 – The Ultimate Video Player For WordPress – by Presto Player – Stored XSS to Admin Account Creation (Contributor+) – POC

A critical security flaw has been uncovered in “The Ultimate Video Player For WordPress” plugin, tagged as CVE-2024-2428. This vulnerability jeopardizes over 100,000 WordPress installations, enabling attackers to execute Stored Cross-Site Scripting (XSS) attacks, potentially leading to Admin Account Creation.

CVE-2024-2444 – Inline Related Posts – Stored XSS to JS backdoor creation – POC

CVE-2024-2444 poses a significant threat to WordPress sites using the Inline Related Posts plugin, which has over 100,000 installations. This vulnerability allows malicious actors to execute Stored XSS attacks, potentially leading to the creation of JavaScript backdoors and compromising website integrity: an attacker who has previously hijacked an administrator or editor account can plant a backdoor to regain access.

CVE-2024-2369 – Page Builder Gutenberg Blocks – CoBlocks – Stored XSS to Admin Account Creation (Contributor+) – POC

A critical security flaw, identified as CVE-2024-2369, threatens the integrity of over 400,000 WordPress sites using the Page Builder Gutenberg Blocks plugin. This vulnerability, which allows Stored XSS leading to Admin Account Creation, poses an imminent risk of unauthorized access and control over administrative privileges.