Email marketing integrations process order activity, customer profiles, product metadata, cart events, and API credentials. That makes them useful for store communication, but also security-sensitive because customer related data moves between WooCommerce and an external marketing platform. Mailchimp for WooCommerce version 6.1.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64671, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for WooCommerce customer sync, order data handling, API credentials, and marketing automation workflows.
Plugin Security Certification (PSC-2026-64670): “Pinterest for WooCommerce” – Version 1.4.27

Commerce marketing integrations handle product data, tracking events, connected account settings, and background synchronization. That makes them valuable for store growth, but also security-sensitive because merchant configuration and catalog data can affect both customer privacy and public product visibility. Pinterest for WooCommerce version 1.4.27 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64670, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for WooCommerce catalog sync, tracking tags, connected account settings, and product data handling.
Plugin Security Certification (PSC-2026-64669): “Really Simple CAPTCHA” – Version 2.4

CAPTCHA helper plugins sit close to form submission flows, generated challenge files, temporary tokens, and validation results used by other plugins. That makes them useful against automated abuse, but also security-sensitive because weak file handling or predictable challenge behavior can affect public forms. Really Simple CAPTCHA version 2.4 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64669, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for CAPTCHA generation, temporary file handling, token validation, and plugin integration boundaries.
Plugin Security Certification (PSC-2026-64668): “Font Awesome” – Version 5.1.5

Icon plugins affect the editor, public markup, scripts, styles, and sometimes external kit configuration. That makes them convenient for visual design, but also security-sensitive because stored icon settings and asset URLs can become part of the public HTML served to visitors. Font Awesome version 5.1.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64668, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for icon rendering, asset loading, kit configuration, and editor integration behavior.
Plugin Security Certification (PSC-2026-64667): “Facebook Chat Plugin – Live Chat Plugin for WordPress” – Version 2.5

Live chat plugins add third-party scripts, public widgets, and administrator managed page identifiers to WordPress pages. That makes them useful for customer communication, but also security-sensitive because stored settings are rendered to visitors and external script behavior becomes part of the public site surface. Facebook Chat Plugin – Live Chat Plugin for WordPress version 2.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64667, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for live chat widget settings, public script rendering, and third-party page connection workflows.
Plugin Security Certification (PSC-2026-64666): “Image Optimizer – Optimize Images and Convert to WebP or AVIF” – Version 1.7.5

Image optimization plugins work directly with uploaded media, generated derivatives, file names, MIME types, and background processing jobs. That makes them useful for performance, but also security-sensitive because unsafe media handling can lead to path manipulation, unauthorized file access, broken public assets, or exposure of media metadata. Image Optimizer – Optimize Images and Convert to WebP or AVIF version 1.7.5 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64666, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for image optimization, format conversion, media processing, and upload pipeline behavior.
Plugin Security Certification (PSC-2026-64665): “Jetpack – WP Security, Backup, Speed, and Growth” – Version 15.9.1

Security and performance suites operate across many areas of a WordPress installation, including backups, malware scanning, content delivery, statistics, forms, and social publishing. That makes them operationally useful, but also security-sensitive because a broad plugin footprint can affect privileged settings, connected service tokens, public scripts, and administrator workflows. Jetpack – WP Security, Backup, Speed, and Growth version 15.9.1 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64665, confirming that the plugin was reviewed from a secure code perspective with attention to common exploitation paths for security suites, backup workflows, performance modules, and connected service integrations.
How Security by CleanTalk Blocks Brute Force Login Attempts in WordPress
CVE-2026-2918 – Happy Addons – Stored XSS – POC

CVE-2026-2918 affects Happy Addons for Elementor and it is an authenticated Contributor level stored cross site scripting vulnerability in the Theme Builder Template Conditions workflow. The vulnerable AJAX action accepts an arbitrary template_id and performs a broad edit_posts capability check instead of checking the specific ha_library template. A Contributor with access to the Elementor editor nonce can change conditions for another published template and store crafted condition data that is later rendered as unsafe HTML attributes in the Elementor editor. When an administrator opens Template Conditions, the payload can run in the admin browser context, which can lead to nonce theft, privileged actions, and full site compromise.

