A critical security flaw, CVE-2024-1219, has been unearthed within the Easy Social Feed WordPress plugin, putting websites at risk of compromise. This vulnerability, discovered during routine plugin testing, enables attackers to execute Stored XSS attacks, potentially leading to admin account takeover.
CVE-2024-1664 – Responsive Gallery Grid – Stored XSS to JS backdoor creation – POC

A critical security flaw has been uncovered in the Responsive Gallery Grid plugin, tracked as CVE-2024-1664. This vulnerability enables attackers to execute Stored XSS attacks, potentially leading to the creation of JavaScript backdoors, thus endangering website integrity and security (if an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access later).
Plugin Security Certification: “SEO SIMPLE PACK” – Version 3.4.0: Use SEO with Enhanced Security

The “SEO SIMPLE PACK” plugin prioritizes security to safeguard user data and ensure a secure SEO optimization process. Because the plugin adheres to stringent security protocols and has passed verification through the Plugin Security Certification (PSC) from CleanTalk, users can trust its commitment to maintaining the highest security standards.
CVE-2024-2643 – My Sticky Bar – Stored XSS to JS backdoor creation – POC

A critical vulnerability, CVE-2024-2643, has been unearthed in the My Sticky Bar WordPress plugin, posing a significant threat to website security. Exploiting this flaw enables attackers to execute Stored XSS attacks and potentially implant JavaScript backdoors, jeopardizing website integrity (if an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access later).
Plugin Security Certification: “WP Customer Reviews” – Version 3.7.2: Creating reviews with Enhanced Security

WP Customer Reviews 3.7.2 is a WordPress plugin designed to facilitate user-generated reviews for businesses and products. It offers a dedicated page on your WordPress site where customers can submit testimonials or write reviews about your services or products. This plugin is tailored to meet the growing demand for user feedback, essential for businesses aiming to establish credibility and trustworthiness online.
CVE-2024-1849 – WP Customer Reviews – Malicious Redirect via HTTP-EQUIV Injection – POC
Plugin Security Certification: “GTM4WP – A Google Tag Manager (GTM)” – Version 1.22.1: Manage and deploy analytics with Enhanced Security

GTM4WP – A Google Tag Manager (GTM) is a robust tool designed to manage and deploy analytics and marketing tags effortlessly on your WordPress website. With its intuitive web UI, users can seamlessly integrate code snippets and track valuable data without manual intervention. This plugin enhances security measures, ensuring safe analytics deployment, and has successfully obtained the Plugin Security Certification (PSC) from CleanTalk, guaranteeing a secure environment for your website.
CVE-2024-1712 – Carousel Slider – Stored XSS to JS backdoor creation – POC

WordPress plugins often enhance website functionality, but occasionally harbor hidden vulnerabilities that compromise security. CVE-2024-1712 exposes such a flaw in Carousel Slider, enabling Stored XSS attacks with the potential to create JavaScript backdoors, imperiling website integrity (if an attacker has previously hijacked an administrator or editor account, they can plant a backdoor to regain access later).
CVE-2024-1846 – Responsive Tabs – Stored XSS to Admin Account Creation (Contributor+) – POC
Plugin Security Certification: “Activity Log” – Version 2.11.2: See logs with Enhanced Security

The Activity Log plugin is a comprehensive solution for monitoring and tracking activity on your WordPress website. Offering unparalleled insights into user actions within the WordPress admin, this plugin functions as a vital security measure, akin to an airplane’s black box, logging every activity for enhanced security and accountability. In this article, we explore the security features of the Activity Log plugin and its recognition through the “Plugin Security Certification” (PSC) from CleanTalk.