Plugin Security Certification (PSC-2025-64577): “SiteGuard WP Plugin” – Version 8.1.4: Use Guard Plugin with Enhanced Security

Plugin Security Certification (PSC-2025-64577): “SiteGuard WP Plugin” – Version 8.1.4: Use Guard Plugin with Enhanced Security

SiteGuard WP Plugin is a dedicated WordPress security solution built to combat brute force login attacks and unauthorized access attempts. With its focus on login endpoint protection, SiteGuard enhances the default WordPress security posture by introducing multiple defensive layers—ranging from login page obfuscation to IP-based access filtering. Unlike general-purpose security suites, SiteGuard zeroes in on the most commonly abused attack vectors, providing lightweight and robust protection with minimal configuration.

Developed by JP-Secure, the plugin includes advanced features like CAPTCHA integration, login rate limiting, email alerts, and author enumeration blocking. These tools are engineered to resist automated login bots, password spraying attacks, and information disclosure exploits. Owing to its focused architecture and strict development standards, SiteGuard WP Plugin 1.7.8 has been independently audited and certified by CleanTalk, receiving the Plugin Security Certification (PSC) with ID PSC-2025-64577.

Plugin Security Certification (PSC-2025-64576): “EWWW Image Optimizer” – Version 8.1.4: Use Optimizer Plugin with Enhanced Security

Plugin Security Certification (PSC-2025-64576): “EWWW Image Optimizer” – Version 8.1.4: Use Optimizer Plugin with Enhanced Security

EWWW Image Optimizer (EWWW IO) is a high-performance WordPress plugin designed to enhance site speed and SEO by automatically optimizing image files across your entire website. Whether you’re dealing with the WordPress Media Library, theme assets, or third-party plugin images, EWWW IO ensures that every image is compressed efficiently without compromising quality. The plugin supports a wide range of formats, including JPG, PNG, WebP, SVG, PDF, and the next-gen AVIF, with adaptive and intelligent conversion to deliver optimal file types for every use case.

EWWW IO can perform all optimizations locally on your server using powerful image processing tools or offload them to specialized servers via Easy IO CDN. With features such as lazy loading, bulk optimization, WebP/AVIF conversion, and comprehensive plugin compatibility, it serves as a complete image performance suite. EWWW IO is not only built for speed but also engineered with strong security practices, having earned the Plugin Security Certification (PSC) from CleanTalk.

Plugin Security Certification (PSC-2024-64575): “Table of Contents Plus” – Version 2411.1: Use Content Plugin with Enhanced Security

Plugin Security Certification (PSC-2024-64575): “Table of Contents Plus” – Version 2411.1: Use Content Plugin with Enhanced Security

Table of Contents Plus is a powerful and user-friendly WordPress plugin designed to automatically generate structured, context-specific tables of contents (TOC) for long-form content and custom post types. Inspired by Wikipedia’s navigation standards, the plugin enhances readability and SEO by providing a logical content structure for users and search engines alike. Beyond a traditional TOC, it also offers built-in support for generating sitemaps of pages, categories, and posts across the site. With seamless shortcode functionality, advanced customization options, and robust theme compatibility, Table of Contents Plus is ideal for content-heavy websites and blogs seeking to improve user experience and page navigation.

After undergoing rigorous security testing and static code analysis, the plugin has successfully obtained the Plugin Security Certification (PSC) from CleanTalk, ensuring its compliance with high-level security standards and safe deployment on any WordPress installation.

CVE-2025-5730 – Easy Contact Form Lite < 1.1.29 – Contributor+ Stored XSS

CVE-2025-5730 – Easy Contact Form Lite < 1.1.29 – Contributor+ Stored XSS

Cross-Site Scripting (XSS) remains one of the most prevalent and dangerous vulnerabilities affecting WordPress plugins, especially those that allow user-generated content. In the Easy Contact Form Lite plugin (versions prior to 1.1.29), a stored XSS vulnerability was discovered that allows Contributor-level users to inject persistent JavaScript into the form’s placeholder field. This can lead to session hijacking, site defacement, and privilege escalation attacks if exploited by a malicious user.

CVE-2025-5194 – WP Map Block by aBlocks < 2.0.3 – Contributor+ Stored XSS via Marker – POC

CVE-2025-5194 – WP Map Block by aBlocks < 2.0.3 – Contributor+ Stored XSS via Marker – POC

Stored Cross-Site Scripting (XSS) vulnerabilities continue to pose significant risks to WordPress websites, especially those utilizing Gutenberg-compatible plugins for dynamic content embedding. A critical stored XSS vulnerability (CVE-2025-5194) was recently discovered in the WP Map Block plugin, which has since merged with aBlocks. The flaw allows users with Contributor or higher privileges to inject persistent JavaScript payloads through the map marker content, potentially compromising site integrity and administrative accounts.

Plugin Security Certification (PSC-2024-64574): “Solid Security – Password, Two Factor Authentication, and Brute Force Protection” – Version 9.3.8: Use Security Plugin with Enhanced Security

Plugin Security Certification (PSC-2024-64574): “Solid Security – Password, Two Factor Authentication, and Brute Force Protection” – Version 9.3.8: Use Security Plugin with Enhanced Security

Solid Security – Password, Two Factor Authentication, and Brute Force Protection is a comprehensive WordPress security plugin designed to protect websites from the most common and dangerous cyber threats. With a proactive security strategy, this plugin guards against brute force attacks, malware infections, session hijacking, and unauthorized logins. Built to adapt to various types of websites – from eCommerce to blogs – Solid Security provides real-time monitoring, intelligent user-level protection, and automated vulnerability patching. The plugin has undergone a detailed security audit and successfully received the Plugin Security Certification (PSC) from CleanTalk, guaranteeing robust code integrity and secure implementation practices for WordPress environments.

Plugin Security Certification (PSC-2025-64573): “WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin” – Version 14.14.1: Use Statistics with Enhanced Security

Plugin Security Certification (PSC-2025-64573): “WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin” – Version 14.14.1: Use Statistics with Enhanced Security

WP Statistics is the leading privacy-focused analytics plugin for WordPress, offering site owners complete data control without relying on third-party services like Google Analytics. With full GDPR, CCPA, and PECR compliance out of the box, this plugin ensures users can collect vital website insights without compromising visitor privacy or ownership of their data.

All analytical data is stored locally in your own WordPress database, eliminating the need for external accounts or cookies. As a result, WP Statistics offers cookie-less tracking, no personally identifiable information (PII) by default, and respects “Do Not Track” (DNT) signals — making it the perfect choice for data-responsible site owners.

To validate its commitment to secure coding and data protection, WP Statistics has undergone an independent security audit and successfully received the Plugin Security Certification (PSC-2025-64573) from CleanTalk, guaranteeing it meets strict WordPress security standards.

Plugin Security Certification (PSC-2025-64572): “Hostinger Tools” – Version 3.0.41: Use Tools with Enhanced Security

Plugin Security Certification (PSC-2025-64572): “Hostinger Tools” – Version 3.0.41: Use Tools with Enhanced Security

Hostinger Tools is a powerful all-in-one plugin developed to simplify and secure key administrative tasks on WordPress websites. Designed with both functionality and safety in mind, it allows users to efficiently manage essential settings such as maintenance mode, PHP/WordPress version visibility, HTTPS/WWW redirects, and core security toggles — all from a centralized, intuitive interface.

Built by one of the most reputable hosting providers, Hostinger Tools not only optimizes site control for administrators but also integrates strong security mechanisms to safeguard WordPress environments. This plugin has successfully undergone in-depth security evaluation and received the Plugin Security Certification (PSC) from CleanTalk, validating its compliance with modern secure coding standards.

Plugin Security Certification (PSC-2025-64571): “BackWPup – WordPress Backup & Restore Plugin” – Version 5.2.3: Use Footer with Enhanced Security

Plugin Security Certification (PSC-2025-64571): “BackWPup – WordPress Backup & Restore Plugin” – Version 5.2.3: Use Footer with Enhanced Security

BackWPup is one of the most trusted and feature-rich backup and restore plugins for WordPress, offering both flexibility and robust protection for your website’s data. Developed by WP Media—the team behind WP Rocket—BackWPup allows you to create complete backups of your WordPress installation and store them safely on external services such as Dropbox, Amazon S3, Google Drive, OneDrive, and more.

But beyond its impressive features, what sets BackWPup v5.2.3 apart is its strong commitment to security. The plugin has undergone a thorough security review, code analysis, and penetration testing process, earning it the official Plugin Security Certification (PSC) with the identifier PSC-2025-64571, issued by CleanTalk

Plugin Security Certification (PSC-2025-64570): “Header Footer Code Manager” – Version 1.1.40: Use Footer with Enhanced Security

Plugin Security Certification (PSC-2025-64570): “Header Footer Code Manager” – Version 1.1.40: Use Footer with Enhanced Security

Header Footer Code Manager (HFCM) by 99 Robots is a powerful and secure WordPress plugin designed to safely insert custom code snippets (HTML, JavaScript, or CSS) into the header, footer, or content areas of your website without altering theme files. Whether you need to add analytics scripts, advertising tags, or verification codes, HFCM provides an intuitive interface that eliminates the risks associated with direct theme modification.

By allowing precise placement of scripts on specific pages, posts, categories, or devices, HFCM helps streamline performance and simplify site administration—all while keeping your codebase safe and organized.

Following a rigorous code review and penetration testing process, HFCM has earned the Plugin Security Certification (PSC) with ID PSC-2025-64570, issued by CleanTalk, confirming adherence to best practices in secure plugin development.