Author: Artyom Krugov

CVE-2024-7716 – GS Logo Slider Lite – Stored XSS to JS Backdoor Creation – POC

In the realm of WordPress plugins, security vulnerabilities can pose significant threats to website integrity and user safety. One such vulnerability, identified as CVE-2024-7716, has been discovered in the GS Logo Slider Lite plugin. This Stored Cross-Site Scripting (XSS) vulnerability allows attackers to inject malicious JavaScript code, leading to the creation of a backdoor that can compromise administrator accounts and overall site security.

Plugin Security Certification: “SEOPress – On-site SEO” – Version 8.0.1: Use SEO with Enhanced Security

SEOPress is a comprehensive WordPress SEO plugin that offers a robust suite of features designed to enhance your website’s search engine optimization. This plugin integrates seamlessly with all page builders and themes, providing an all-in-one solution for managing your SEO needs. With the inclusion of AI (GPT-4), SEOPress now automates the generation of meta titles, descriptions, and alternative texts for images, simplifying the optimization process and saving valuable time.

CVE-2024-7313 – Shield Security – Reflected XSS to Admin Account Creation – POC

As WordPress continues to be a popular choice for website management, the security of plugins becomes paramount. The latest security flaw, CVE-2024-7313, within the Shield Security plugin, underscores a troubling vulnerability: reflected Cross-Site Scripting (XSS). This issue not only threatens the integrity of the plugin but also poses a significant risk of unauthorized admin account creation. With Shield Security being a key component for safeguarding WordPress sites, this vulnerability highlights a critical need for immediate attention and remediation to protect against potential exploits.

Plugin Security Certification: “Spam protection, Anti-Spam, FireWall by CleanTalk” – Version 6.49: Use Anti-Spam protection with Enhanced Security

Spam Protection, Anti-Spam, Firewall by CleanTalk is a top-rated solution designed to safeguard your WordPress site from spam without the need for CAPTCHAs, questions, puzzles, or any other intrusive methods. This universal anti-spam plugin offers a seamless and effective way to stop spam across comments, registrations, contact emails, orders, bookings, subscriptions, surveys, and more. CleanTalk’s cloud-based service ensures real-time email validation and comprehensive spam protection, enhancing the overall quality and performance of your website while being compatible with GDPR regulations.

CVE-2024-7084 – Ajax Search Lite – Stored XSS – POC

In the realm of web security, WordPress plugins often serve as both tools for enhancement and potential entry points for malicious activities. Recently, a significant vulnerability was uncovered in the Ajax Search Lite plugin, which is widely used to enhance search functionality on WordPress sites. This flaw, identified as CVE-2024-7084, allows for Stored Cross-Site Scripting (XSS) attacks that can lead to account hijacking and other severe security breaches.

Plugin Security Certification: “Social Media Widget” – Version 4.0.9: Use Widget with Enhanced Security

The Social Media Widget is a simple yet powerful sidebar widget for WordPress, designed to enhance your website’s social media presence. By allowing users to input their social media profile URLs and other subscription options, this plugin displays corresponding icons on your sidebar, each opening in a separate browser window. With support for a vast array of social media platforms, this widget provides a seamless way to connect with your audience.

Plugin Security Certification: “Lightbox & Modal Popup WordPress Plugin – FooBox” – Version 2.7.28: Use Lightbox & Modal Popup with Enhanced Security

FooBox is a lightbox plugin that was the first to fully embrace responsive design. It ensures that images not only scale beautifully on mobile devices but also rearranges button controls to suit both portrait and landscape orientations. With FooBox, adding a modal popup to your website images requires no setup, as it automatically integrates with WordPress galleries, captioned images, and attachment images.

Plugin Security Certification: “WP Google Review Slider” – Version 14.4: Use sliders with Enhanced Security

WP Google Review Slider is an essential tool for WordPress site owners looking to display their Google reviews quickly and effectively. With this plugin, you can effortlessly showcase your hard-earned 5-star reviews in a stylish slider or responsive grid. This not only boosts customer confidence but also enhances social proof, ultimately driving more sales.

Plugin Security Certification: “Strong Testimonials” – Version 3.1.14: Use testimonials with Enhanced Security

Strong Testimonials is a versatile and user-friendly plugin designed to help WordPress users collect and display testimonials or reviews effortlessly. With over four years of development and user feedback, this plugin offers a wealth of flexible features, making it a favorite among both beginners and professionals. Its intuitive interface allows users to set up and manage testimonials quickly, ensuring a seamless experience for both website owners and visitors.

CVE-2024-4090 – My Sticky Bar – Stored XSS to Backdoor Creation – POC

In the diverse world of WordPress plugins, security vulnerabilities are a persistent concern for website administrators. The latest discovery, CVE-2024-4090, within the popular My Sticky Bar plugin, highlights this ongoing challenge. This vulnerability enables Stored Cross-Site Scripting (XSS) attacks, putting website integrity and user trust at significant risk.