Plugin Security Certification (PSC-2024-64549): “Antispam Bee” – Version 2.11.7: Use Antispam with Enhanced Security

Antispam Bee is a WordPress plugin that removes spam from blog comments. The plugin is popular, with 700 thousand users worldwide, and it effectively removes spam comments and trackbacks. Following verification of the plugin for vulnerabilities and errors by the Cleantalk team, the plugin received the PSC-2024-64549 certificate.

CVE-2024-12568 – Email Subscribers by Icegram Express – Stored XSS to JS Backdoor Creation – POC

Email Subscribers by Icegram Express is a popular WordPress plugin designed to help website administrators manage email subscriptions and send automated notifications, such as confirmation emails and newsletters. However, CVE-2024-12568 has been identified as a critical vulnerability in the plugin that allows attackers to inject malicious JavaScript into the email content field of a new workflow. The injected script can lead to backdoor creation, allowing attackers to hijack admin sessions or escalate their privileges to take full control of the WordPress site. With over 100,000 active installations, this vulnerability poses a significant risk to WordPress websites that rely on Email Subscribers for their subscription management.

CVE-2024-12567 – Email Subscribers by Icegram Express – Stored XSS to JS Backdoor Creation – POC

Email Subscribers by Icegram Express is a widely used WordPress plugin for collecting and managing email subscribers, as well as sending newsletters, notifications, and other updates. A critical Stored Cross-Site Scripting (XSS) vulnerability, CVE-2024-12567, has been discovered in this plugin. The vulnerability allows attackers to inject malicious JavaScript into form fields, which can lead to account takeover and the creation of a backdoor admin account. With over 100,000 active installations, this flaw represents a significant security risk to WordPress websites using the Email Subscribers plugin.

CVE-2024-12566 – Email Subscribers by Icegram Express – Stored XSS to JS Backdoor Creation – POC

Email Subscribers by Icegram Express is a popular WordPress plugin that enables website owners to collect email subscribers and send newsletters, notifications, and updates. However, CVE-2024-12566 has been identified as a serious Stored Cross-Site Scripting (XSS) vulnerability within the plugin. This flaw allows attackers with editor-level access to inject malicious JavaScript code into a form’s “Show message” field. Once the malicious script is embedded, it can lead to session hijacking or the creation of a backdoor admin account. With over 100,000 active installations, this vulnerability poses a significant risk for WordPress websites using Email Subscribers by Icegram Express.

Plugin Security Certification (PSC-2024-64547): “Rank Math SEO” – Version 1.0.242: Use SEO with Enhanced Security

Rank Math SEO is a state-of-the-art plugin designed to simplify and enhance search engine optimization (SEO) for WordPress websites. Its use of artificial intelligence (AI) sets it apart, providing advanced tools to automate and optimize SEO tasks. However, alongside its powerful functionality, it is crucial to assess the plugin’s security practices to ensure safe deployment on websites.

Plugin Security Certification (PSC-2024-64546): “Polylang” – Version 3.6.7: Use Polylang with Enhanced Security

The Polylang plugin is a powerful tool designed to create multilingual WordPress websites. With support for an unlimited number of languages, automatic integration with WordPress core features, and seamless performance, it has become a go-to solution for developers and site administrators alike. However, as with any plugin, security is paramount, and Polylang stands out for its commitment to safe coding practices.

CVE-2024-11636 – Email Subscribers by Icegram Express – Stored XSS to JS Backdoor Creation – POC

Email Subscribers by Icegram Express is a widely used WordPress plugin designed to help website administrators collect and manage email subscribers, as well as send newsletters and email notifications. However, a critical vulnerability has been found in the plugin, CVE-2024-11636, which allows attackers with editor-level access to inject malicious JavaScript into form fields. This stored Cross-Site Scripting (XSS) vulnerability can lead to account takeover by creating a backdoor that allows unauthorized users to gain full control of the site. With over 100,000 active installations, this flaw represents a serious security risk for WordPress sites using the plugin.

Plugin Security Certification (PSC-2024-64550): “reCaptcha by BestWebSoft” – Version 1.80: Use reCaptcha with Enhanced Security

The reCaptcha by BestWebSoft plugin is a robust security solution designed to protect WordPress forms from spam and bot-driven attacks. By integrating seamlessly with various forms, including login, registration, comments, and custom forms, the plugin ensures only legitimate users can access your website’s functionalities while blocking automated threats.

CVE-2024-10102 – Robo Gallery (Photo Gallery, Images, Slider in Rbs Image Gallery) – Stored XSS to JS Backdoor Creation – POC

Robo Gallery, a popular WordPress plugin used for displaying photo galleries and sliders, contains a critical vulnerability, CVE-2024-10102. This flaw allows attackers to inject malicious JavaScript code into the plugin’s settings via a simple stored Cross-Site Scripting (XSS) attack. The vulnerability can be exploited by users with contributor privileges, enabling them to create a backdoor in the WordPress admin area. This backdoor can then be used to hijack admin accounts, potentially gaining full control of the website. With over 50,000 active installations, this vulnerability poses a significant risk to sites using Robo Gallery.