Plugin Security Certification (PSC-2024-64545): “OneSignal – Web Push Notifications” – Version 3.0.6: Use Notifications with Enhanced Security

Plugin Security Certification (PSC-2024-64545): “OneSignal – Web Push Notifications” – Version 3.0.6: Use Notifications with Enhanced Security

OneSignal – Web Push Notifications – A powerful plugin designed to boost user engagement and retention by sending targeted push notifications. Whether you’re a startup or an enterprise, OneSignal ensures seamless delivery of notifications across platforms, driving re-engagement with your website even after users have left. With a simple setup process and advanced features like real-time analytics, A/B testing, and user segmentation, this plugin is trusted by millions worldwide. Its robust infrastructure and commitment to security make it a reliable choice for businesses of all sizes. Additionally, OneSignal has undergone rigorous security testing and received the prestigious Plugin Security Certification (PSC) from CleanTalk, ensuring a secure and dependable solution for managing push notifications.

Plugin Security Certification (PSC-2024-64531): “Click to Chat” – Version 4.12.1: Use WhatsApp with Enhanced Security

Plugin Security Certification (PSC-2024-64531): “Click to Chat” – Version 4.12.1: Use WhatsApp with Enhanced Security

WhatsApp Chat – A versatile and user-friendly plugin designed to connect your website visitors with you via WhatsApp or WhatsApp Business. With a single click, users can initiate chats seamlessly, whether on mobile or desktop devices. The plugin offers extensive customization options, enabling you to tailor its appearance and functionality to suit your website’s design. Beyond convenience, WhatsApp Chat prioritizes security, ensuring user data is handled safely. The plugin has undergone comprehensive security testing and has earned the prestigious Plugin Security Certification (PSC-2024-64531) from CleanTalk, providing website owners with peace of mind and a secure integration option.

Malicious code youtube.php

Malicious code youtube.php

Malicious code is quite common on WordPress sites and complicates the lives of users with the functionality of the website and its capabilities, even to the point that malicious code can have serious destructive effects.

A file was found in the YouTube Embed Plus plugin for WordPress youtube.php in which the attacker wrote malicious code that may pose a security threat to sites. This code allows attackers to gain access to site settings and data through various mechanisms, such as unauthorized changes to plugin settings or the introduction of hidden code. Let’s take a closer look at what this malicious code is and what measures can be taken to protect against possible threats.

CVE-2024-9651 – Fluent Forms – Stored XSS to Backdoor Creation – POC

CVE-2024-9651 – Fluent Forms – Stored XSS to Backdoor Creation – POC

Fluent Forms, a widely used WordPress plugin that has been installed more than 500,000 times, is known for its advanced and lightweight contact form builder. With features such as drag-and-drop customization, conditional logic, and anti-spam, it has become a staple for both businesses and developers. However, such popularity also makes it an object for exploitation. The vulnerability associated with the persistence of cross-site scripting (XSS) CVE-2024-9651 in older versions of Fluent Forms pages poses a significant risk, potentially allowing attackers to introduce backdoors and compromise entire websites.

Version 5.2.5 of Fluent Forms has received a plugin Security Certificate (PSC), which guarantees users that this version is verified as secure.

CVE-2024-11183 – Simple Side Tab – Stored XSS to Backdoor Creation – POC

CVE-2024-11183 – Simple Side Tab – Stored XSS to Backdoor Creation – POC

It was recently discovered that the “Simple Slide Tab” plugin, designed to help WordPress site owners increase conversion by adding customizable call-to-action tabs, contains a security flaw. The simplicity and convenience of the plugin, combined with its flexibility in customizing tab behavior and appearance, have made it practical among WordPress users. However, this popularity now poses a security threat due to a vulnerability related to the saved cross-site scripts (XSS) CVE-2024-11183. This flaw can be used to create backdoors that provide attackers with unauthorized access to vulnerable sites.

CVE-2024-10551 – Sticky Social Icons – Stored XSS to Backdoor Creation – POC

CVE-2024-10551 – Sticky Social Icons – Stored XSS to Backdoor Creation – POC

It was recently discovered that the “Sticky Social Icons” plugin, used to integrate customizable social media buttons, contains a vulnerability CVE-2024-10551. This flaw allows attackers to carry out attacks using stored cross-site scripting (XSS), which can potentially lead to the creation of a backdoor and further compromise of vulnerable websites. Since the plugin is currently closed for download and update, understanding this vulnerability is crucial for both prevention and elimination.

Effective Prevention Methods for XSS

Effective Prevention Methods for XSS

Cross-site scripting (XSS) vulnerabilities occupy one of the first places in terms of frequency among the vulnerabilities found in WordPress plugins. These vulnerabilities occur when data from a user is not sufficiently cleaned before being displayed on site pages, which allows attackers to inject malicious code such as JavaScript and execute it in visitors’ browsers. XSS attacks can lead to theft of user data, hijacking of sessions, modification of page content, and other types of malicious activity

Plugin Security Certification (PSC-2024-64530): “Fluent Forms” – Version 5.2.10: Use Forms with Enhanced Security

Plugin Security Certification (PSC-2024-64530): “Fluent Forms” – Version 5.2.10: Use Forms with Enhanced Security

Fluent Forms has passed a thorough security assessment and received the prestigious Plugin Security Certification (PSC) from CleanTalk, which guarantees users a secure environment for managing forms.
Fluent Forms is a comprehensive and secure contact form builder designed for WordPress. With an intuitive drag-and-drop interface, Fluent Forms provides a wide range of features that are suitable for both beginners and advanced users. Recognized for its performance, Fluent Forms loads quickly without overloading your site and offers a wide range of powerful form functionality. The security features of the plugin ensure the protection of user data, and the advanced customization options make it a universal choice for any WordPress website.

And now, thanks to the security certification of the plugin (PSC-2024-64530) from CleanTalk, you can use Fluent Forms with a guarantee of increased security. This certification confirms that Fluent Forms has passed a thorough security check, which makes it a reliable means of managing the contact form builder without introducing vulnerabilities to your WordPress site.

CVE-2024-10362 – Social Media Share Buttons – Stored XSS to Backdoor Creation – POC

CVE-2024-10362 – Social Media Share Buttons – Stored XSS to Backdoor Creation – POC

CVE-2024-10362 exposes a Stored Cross-Site Scripting (XSS) vulnerability in the Ultimate Social Media Icons WordPress plugin. This popular plugin allows WordPress site administrators to display customizable social media icons, enabling visitors to share content across platforms like Facebook, Twitter, LinkedIn, and more. Unfortunately, a flaw in its handling of user inputs can permit attackers to inject malicious JavaScript code, paving the way for serious security risks. This article explores how the vulnerability was discovered, the potential impact on WordPress sites, and practical steps to protect against such attacks.