Author: Artyom Krugov

Plugin Security Certification: “Shortcodes Ultimate” – Version 7.1.8: Use Shortcodes with Enhanced Security

Shortcodes Ultimate, the leading shortcodes plugin for WordPress, has achieved the Plugin Security Certification (PSC) from CleanTalk, providing an added layer of security for its users. This comprehensive plugin offers over 50 beautiful and functional shortcodes, allowing you to enhance your WordPress site by adding useful elements in the post editor, text widgets, or even template files. With its seamless integration with the Block Editor and support for custom CSS, Shortcodes Ultimate is a versatile and powerful tool for both developers and users, now with the assurance of certified security standards.

Plugin Security Certification: “Interactive Content – H5P” – Version 1.15.8: Use H5P with Enhanced Security

The “Interactive Content – H5P” plugin, version 1.15.8, has proudly achieved the Plugin Security Certification (PSC) from CleanTalk. This certification underscores the plugin’s dedication to providing a secure, reliable, and innovative solution for creating and managing interactive content on WordPress websites.

CVE-2024-5442 – NextGEN Gallery – Stored XSS – POC

In the ever-changing world of web security, WordPress plugins often find themselves at the forefront of both innovation and vulnerabilities. The latest discovery, CVE-2024-5442, reveals a critical flaw in the popular NextGen Gallery WordPress plugin gallery. This vulnerability makes a stored cross-site scripting (XSS) attack possible, allowing attackers to inject malicious JavaScript code and potentially create a backdoor to hijack accounts.

CVE-2024-3963 – RafflePress Lite – Stored XSS – POC

RafflePress Lite is WordPress plugin designed to help users drive traffic, grow their email lists, and boost social media engagement through viral giveaways and contests. Its intuitive drag-and-drop interface and pre-built actions, such as sharing on Facebook and Twitter, make it an easy-to-use tool for marketers and anyone looking to enhance audience engagement. However, a significant security flaw was discovered in versions prior to 1.12.14, allowing users with Editor+ rights to exploit a stored cross-site scripting (XSS) vulnerability. This flaw poses a serious risk as it can lead to the theft of user and administrator credentials.

CVE-2024-6138 – Secure Copy Content Protection – Stored XSS – POC

The Secure Copy Content Protection plugin for WordPress is designed to prevent unauthorized copying of website content. However, during a recent security audit, a severe vulnerability—CVE-2024-6138—was discovered. This vulnerability allows Editor-level users to execute Stored Cross-Site Scripting (XSS) attacks, potentially leading to the creation of backdoors.

Plugin Security Certification: “Simple Share Buttons Adder” – Version 8.5.1: Securely Add Social Share Buttons with Confidence

The “Simple Share Buttons Adder” plugin, version 8.5.1, has earned the esteemed Plugin Security Certification (PSC) from CleanTalk, guaranteeing superior security for its users. This certification represents a crucial achievement in the plugin’s dedication to offering a secure, reliable, and user-friendly solution for adding customizable social share buttons to WordPress websites.

CVE-2024-4934 – Quiz and Survey Master – Stored XSS to Admin Account Creation (Contributor+) – POC

In the realm of WordPress plugins, Quiz and Survey Master stands out as an indispensable tool for creating interactive and engaging content. From viral quizzes to employee surveys, this plugin offers a wide array of features to enhance user engagement and drive traffic to your website. However, even the most useful plugins can harbor critical vulnerabilities. Recently, CVE-2024-4934, a Stored XSS vulnerability, was discovered in Quiz and Survey Master, posing a significant risk to WordPress sites. This article delves into the details of this vulnerability, its implications, and the steps necessary to safeguard against it.

CVE-2024-4664 – WP Chat App – Stored XSS (Administrator+) – POC

WP Chat App for WordPress offer a streamlined way to integrate WhatsApp communication directly into websites. This enhances customer support and engagement. However, with great functionality comes the need for robust security measures. Recently, a critical vulnerability, CVE-2024-4664, was discovered in the WP Chat App plugin, highlighting the importance of safeguarding such tools against potential exploits.

Plugin Security Certification: “Social Sharing Plugin – WordPress Social Sharing Plugin” – Version 3.3.68: Use Social Sharing with Enhanced Security

The “Sassy Social Share” plugin, a recipient of the Plugin Security Certification (PSC) from CleanTalk, offers a secure and comprehensive solution for adding social sharing capabilities to WordPress websites. With over 100,000 active installations, this plugin is celebrated for its extensive support of over 100 social sharing and bookmarking services, ensuring a versatile and user-friendly experience for website visitors.

Plugin Security Certification: “All in One SEO” – Version 4.6.7.1: SEO Plugin for WordPress with Enhanced Security

With the advent of the Plugin Security Certificate (PSC) from CleanTalk, the “All in One SEO” plugin has reached a new level of trust and reliability. This certification underlines the commitment to reliable security measures that guarantee the integrity of the management of this plugin in WordPress.