Plugin Security Certification (PSC-2024-64574): “Solid Security – Password, Two Factor Authentication, and Brute Force Protection” – Version 9.3.8: Use Security Plugin with Enhanced Security

Plugin Security Certification (PSC-2024-64574): “Solid Security – Password, Two Factor Authentication, and Brute Force Protection” – Version 9.3.8: Use Security Plugin with Enhanced Security

Solid Security – Password, Two Factor Authentication, and Brute Force Protection is a comprehensive WordPress security plugin designed to protect websites from the most common and dangerous cyber threats. With a proactive security strategy, this plugin guards against brute force attacks, malware infections, session hijacking, and unauthorized logins. Built to adapt to various types of websites – from eCommerce to blogs – Solid Security provides real-time monitoring, intelligent user-level protection, and automated vulnerability patching. The plugin has undergone a detailed security audit and successfully received the Plugin Security Certification (PSC) from CleanTalk, guaranteeing robust code integrity and secure implementation practices for WordPress environments.

Plugin Security Certification (PSC-2025-64573): “WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin” – Version 14.14: Use Statistics with Enhanced Security

Plugin Security Certification (PSC-2025-64573): “WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin” – Version 14.14: Use Statistics with Enhanced Security

WP Statistics is the leading privacy-focused analytics plugin for WordPress, offering site owners complete data control without relying on third-party services like Google Analytics. With full GDPR, CCPA, and PECR compliance out of the box, this plugin ensures users can collect vital website insights without compromising visitor privacy or ownership of their data.

All analytical data is stored locally in your own WordPress database, eliminating the need for external accounts or cookies. As a result, WP Statistics offers cookie-less tracking, no personally identifiable information (PII) by default, and respects “Do Not Track” (DNT) signals — making it the perfect choice for data-responsible site owners.

To validate its commitment to secure coding and data protection, WP Statistics has undergone an independent security audit and successfully received the Plugin Security Certification (PSC-2025-64573) from CleanTalk, guaranteeing it meets strict WordPress security standards.

Plugin Security Certification (PSC-2025-64572): “Hostinger Tools” – Version 3.0.37: Use Tools with Enhanced Security

Plugin Security Certification (PSC-2025-64572): “Hostinger Tools” – Version 3.0.37: Use Tools with Enhanced Security

Hostinger Tools is a powerful all-in-one plugin developed to simplify and secure key administrative tasks on WordPress websites. Designed with both functionality and safety in mind, it allows users to efficiently manage essential settings such as maintenance mode, PHP/WordPress version visibility, HTTPS/WWW redirects, and core security toggles — all from a centralized, intuitive interface.

Built by one of the most reputable hosting providers, Hostinger Tools not only optimizes site control for administrators but also integrates strong security mechanisms to safeguard WordPress environments. This plugin has successfully undergone in-depth security evaluation and received the Plugin Security Certification (PSC) from CleanTalk, validating its compliance with modern secure coding standards.

Plugin Security Certification (PSC-2025-64571): “BackWPup – WordPress Backup & Restore Plugin” – Version 5.2.3: Use Footer with Enhanced Security

Plugin Security Certification (PSC-2025-64571): “BackWPup – WordPress Backup & Restore Plugin” – Version 5.2.3: Use Footer with Enhanced Security

BackWPup is one of the most trusted and feature-rich backup and restore plugins for WordPress, offering both flexibility and robust protection for your website’s data. Developed by WP Media—the team behind WP Rocket—BackWPup allows you to create complete backups of your WordPress installation and store them safely on external services such as Dropbox, Amazon S3, Google Drive, OneDrive, and more.

But beyond its impressive features, what sets BackWPup v5.2.3 apart is its strong commitment to security. The plugin has undergone a thorough security review, code analysis, and penetration testing process, earning it the official Plugin Security Certification (PSC) with the identifier PSC-2025-64571, issued by CleanTalk

Plugin Security Certification (PSC-2025-64570): “Header Footer Code Manager” – Version 1.1.40: Use Footer with Enhanced Security

Plugin Security Certification (PSC-2025-64570): “Header Footer Code Manager” – Version 1.1.40: Use Footer with Enhanced Security

Header Footer Code Manager (HFCM) by 99 Robots is a powerful and secure WordPress plugin designed to safely insert custom code snippets (HTML, JavaScript, or CSS) into the header, footer, or content areas of your website without altering theme files. Whether you need to add analytics scripts, advertising tags, or verification codes, HFCM provides an intuitive interface that eliminates the risks associated with direct theme modification.

By allowing precise placement of scripts on specific pages, posts, categories, or devices, HFCM helps streamline performance and simplify site administration—all while keeping your codebase safe and organized.

Following a rigorous code review and penetration testing process, HFCM has earned the Plugin Security Certification (PSC) with ID PSC-2025-64570, issued by CleanTalk, confirming adherence to best practices in secure plugin development.

CVE-2025-48277 – WP Cost Calculator Builder – Stored XSS to JS Backdoor Creation – POC

CVE-2025-48277 – WP Cost Calculator Builder – Stored XSS to JS Backdoor Creation – POC

The WP Cost Calculator Builder is a widely used WordPress plugin that allows website owners to create dynamic pricing and estimation forms using an intuitive drag-and-drop interface. With over 20 flexible form elements and deep integration into e-commerce platforms like WooCommerce, it serves as a powerful tool for businesses that want to provide cost estimation on their services and products.

However, versions up to 3.2.74 of the plugin are vulnerable to a Stored Cross-Site Scripting (XSS) attack that allows malicious JavaScript code to be injected and persistently executed in the browser of any visitor who views the infected form.

CVE-2025-4567 – Post Slider and Carousel with Widget < 3.2.10 – Stored XSS to JS Backdoor Creation – POC

CVE-2025-4567 – Post Slider and Carousel with Widget < 3.2.10 – Stored XSS to JS Backdoor Creation – POC

Vulnerability was discovered in the widely-used WordPress plugin Post Slider and Carousel with Widget, which allows site owners to display posts in sliders or carousels. This plugin is favored for its ease of use and flexibility, especially for non-technical users.

The vulnerability, now identified as CVE-2025-4567, affects plugin versions below 3.2.10 and allows an authenticated user (with access to widget settings) to inject stored JavaScript code into a field that is later rendered on the front-end — leading to persistent Cross-Site Scripting (XSS) and the potential creation of a JavaScript backdoor.

CVE-2025-1485 – Real Cookie Banner < 5.1.6 – Stored XSS to JS Backdoor Creation – POC

CVE-2025-1485 – Real Cookie Banner < 5.1.6 – Stored XSS to JS Backdoor Creation – POC

The Real Cookie Banner plugin is a powerful consent management tool for WordPress, widely used to help website administrators comply with the GDPR and ePrivacy directives. With features like customizable cookie banners, content blockers, and consent documentation, the plugin plays a key role in user privacy and legal compliance. However, in version below 5.1.6, a Stored Cross-Site Scripting (XSS) vulnerability was discovered that can be exploited by authenticated users with access to the plugin’s customization features.

This article explores the vulnerability in detail, demonstrates how it can be exploited, and outlines practical recommendations for mitigating similar security risks in WordPress environments.

Plugin Security Certification (PSC-2025-64569): “Widgets for Google Reviews” – Version 12.7.6: Use Widgets with Enhanced Security

Plugin Security Certification (PSC-2025-64569): “Widgets for Google Reviews” – Version 12.7.6: Use Widgets with Enhanced Security

Widgets for Google Reviews is a powerful WordPress plugin designed to help businesses build trust and increase conversions by seamlessly displaying up to 10 Google reviews in stylish, responsive widgets. With over 40 widget layouts and 25 pre-designed styles, this plugin ensures your customer feedback is not only visible but also visually aligned with your brand.

Whether you’re a small local business or a growing e-commerce brand, this plugin makes it effortless to integrate user-generated reviews directly into your site, boosting both credibility and SEO performance. Beyond the attractive visuals and functionality, Widgets for Google Reviews has undergone extensive code-level security analysis and proudly holds the Plugin Security Certification (PSC-2025-64569) issued by CleanTalk, validating its commitment to secure development practices.

CVE-2025-4133 Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 – Contributor+ Stored XSS

CVE-2025-4133 Blog2Social: Social Media Auto Post & Scheduler < 8.4.0 – Contributor+ Stored XSS

Blog2Social is a widely used WordPress plugin that enables automatic posting, cross-promoting, and scheduling of content across a variety of social networks. It’s particularly popular among content creators and marketing teams for its extensive integrations and automation features. However, in versions prior to 8.4.0, a critical Stored Cross-Site Scripting (XSS) vulnerability was discovered. This flaw allows users with the Contributor role to inject malicious scripts that get executed within the WordPress Dashboard, posing a significant security threat.