Author: Artyom Krugov

Plugin Security Certification: “Lightbox & Modal Popup WordPress Plugin – FooBox” – Version 2.7.28: Use Lightbox & Modal Popup with Enhanced Security

FooBox is a lightbox plugin that was the first to fully embrace responsive design. It ensures that images not only scale beautifully on mobile devices but also rearranges button controls to suit both portrait and landscape orientations. With FooBox, adding a modal popup to your website images requires no setup, as it automatically integrates with WordPress galleries, captioned images, and attachment images.

Plugin Security Certification: “WP Google Review Slider” – Version 14.4: Use sliders with Enhanced Security

WP Google Review Slider is an essential tool for WordPress site owners looking to display their Google reviews quickly and effectively. With this plugin, you can effortlessly showcase your hard-earned 5-star reviews in a stylish slider or responsive grid. This not only boosts customer confidence but also enhances social proof, ultimately driving more sales.

Plugin Security Certification: “Strong Testimonials” – Version 3.2.7: Use testimonials with Enhanced Security

Strong Testimonials is a versatile and user-friendly plugin designed to help WordPress users collect and display testimonials or reviews effortlessly. With over four years of development and user feedback, this plugin offers a wealth of flexible features, making it a favorite among both beginners and professionals. Its intuitive interface allows users to set up and manage testimonials quickly, ensuring a seamless experience for both website owners and visitors.

CVE-2024-4090 – My Sticky Bar – Stored XSS to Backdoor Creation – POC

In the diverse world of WordPress plugins, security vulnerabilities are a persistent concern for website administrators. The latest discovery, CVE-2024-4090, within the popular My Sticky Bar plugin, highlights this ongoing challenge. This vulnerability enables Stored Cross-Site Scripting (XSS) attacks, putting website integrity and user trust at significant risk.

CVE-2024-3986 – SportsPress – Stored XSS – POC

In the rapidly evolving digital landscape, WordPress remains a popular choice for website creation, offering a plethora of plugins to enhance functionality and user experience. However, the extensive use of these plugins also introduces significant security risks. One such risk has recently been identified in the SportsPress plugin, a widely-used tool designed for sports club management. This vulnerability, assigned CVE-2024-3986, allows for Stored Cross-Site Scripting (XSS) attacks, posing a serious threat to website security.

CVE-2024-4096 – Responsive Tabs – Stored XSS to Admin Account Creation – POC

In the ever-evolving landscape of web security, WordPress plugins frequently find themselves at the forefront of both innovation and vulnerability. One of the latest discoveries, CVE-2024-4096, exposes a significant flaw in the popular WordPress plugin Responsive Tabs. This vulnerability allows for a Stored Cross-Site Scripting (XSS) attack, enabling malicious actors to embed harmful JavaScript code. This can potentially lead to account takeovers, posing a serious risk to website security and user data.

CVE-2024-4483 – Email Encoder – Stored XSS – POC

The expansive digital ecosystem of WordPress supports millions of websites, leveraging countless plugins to boost functionality and user experience. However, this widespread use also presents numerous security risks. A significant vulnerability has recently been discovered in the Email Encoder plugin. Known as CVE-2024-4483, this flaw affects numerous installations, enabling attackers to perform stored Cross-Site Scripting (XSS) attacks that can lead to account takeovers.

Plugin Security Certification: “Shortcodes Ultimate” – Version 7.1.8: Use Shortcodes with Enhanced Security

Shortcodes Ultimate, the leading shortcodes plugin for WordPress, has achieved the Plugin Security Certification (PSC) from CleanTalk, providing an added layer of security for its users. This comprehensive plugin offers over 50 beautiful and functional shortcodes, allowing you to enhance your WordPress site by adding useful elements in the post editor, text widgets, or even template files. With its seamless integration with the Block Editor and support for custom CSS, Shortcodes Ultimate is a versatile and powerful tool for both developers and users, now with the assurance of certified security standards.

Plugin Security Certification: “Interactive Content – H5P” – Version 1.15.8: Use H5P with Enhanced Security

The “Interactive Content – H5P” plugin, version 1.15.8, has proudly achieved the Plugin Security Certification (PSC) from CleanTalk. This certification underscores the plugin’s dedication to providing a secure, reliable, and innovative solution for creating and managing interactive content on WordPress websites.

CVE-2024-5442 – NextGEN Gallery – Stored XSS – POC

In the ever-changing world of web security, WordPress plugins often find themselves at the forefront of both innovation and vulnerabilities. The latest discovery, CVE-2024-5442, reveals a critical flaw in the popular NextGen Gallery WordPress plugin gallery. This vulnerability makes a stored cross-site scripting (XSS) attack possible, allowing attackers to inject malicious JavaScript code and potentially create a backdoor to hijack accounts.