PSC

Elementor addon suites are security-relevant because they add a large amount of front-end rendering and stored widget configuration into WordPress. These plugins frequently process user-controlled strings (titles, labels, URLs, templates) and expose admin-side builders and settings that, if not defended correctly, can become paths to stored XSS, CSRF-driven configuration changes, privilege boundary issues, or information disclosure via misconfigured endpoints. Element Pack – Widgets, Templates & Addons for Elementor version 8.6.0 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64644, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for Elementor widget and template libraries.

Bug reporting tool & Website feedback – Spotfix (v1.0.4) is a lightweight WordPress plugin that enables users to submit contextual feedback directly on website pages. By allowing visitors to highlight specific elements and attach comments (“Spots”), the plugin transforms feedback into structured, actionable tasks.

Designed for websites running on WordPress, Spotfix integrates frontend interaction with backend task management via external services, enabling teams to track and resolve issues efficiently.

Because the plugin processes user-generated content, interacts with external APIs, and injects frontend JavaScript widgets, a comprehensive security audit was conducted.

MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (v4.1.3) is a powerful drag-and-drop form builder plugin designed to extend Elementor with advanced form creation capabilities. It allows users to build complex forms such as contact forms, surveys, booking forms, payment forms, and more without writing code.

Built for websites running on WordPress, MetForm integrates deeply into both frontend and backend workflows, handling user input, data storage, AJAX submissions, file uploads, and third-party integrations.

With over 600,000+ active installations, the plugin operates in a highly sensitive layer of application logic, making security a critical factor. A comprehensive source-code audit was conducted to evaluate its safety.

Performance and caching plugins are security-relevant because they introduce high-impact configuration inside wp-admin and can directly affect availability and content delivery behavior. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive diagnostics, or manipulate settings that change how pages and assets are cached and served. Speed Optimizer – The All-In-One Performance-Boosting Plugin version 7.7.7 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64641, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for performance management and caching tooling.

Gallery plugins are security-relevant because they render user-controlled presentation data (titles, captions, alt text, links) across public pages and often provide rich admin-side builders and lightbox features. If output handling, access control, or request integrity is weak, attackers can target stored XSS through captions or settings, force configuration changes via CSRF, or expose media metadata through misprotected endpoints. Modula Image Gallery – Photo Grid & Video Gallery version 2.14.22 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64640, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for media gallery and front-end rendering plugins.

Author box plugins are security-relevant because they render user-controlled profile data across the site, often including author bio text, website links, and social profiles. If output encoding, access control, or request integrity is weak, these surfaces can become a path to stored XSS, unauthorized profile metadata exposure, or CSRF-driven settings changes. Simple Author Box version 2.59 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64639, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for author profile and bio display plugins.

File manager plugins are security-relevant by design because they provide direct filesystem access from wp-admin, including upload, download, edit, delete, and archive operations that normally require FTP or hosting panel access. If access control, request integrity, or path handling is weak, these features can become a shortcut to data exposure, site defacement, or availability impact. File Manager Pro – Filester version 2.0.2 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64638, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for WordPress file management tools.

MainWP Child – Securely Connects to the MainWP Dashboard (v6.0.5) is a WordPress plugin designed to establish a secure connection between individual WordPress sites and a self-hosted MainWP Dashboard. This architecture allows centralized management of multiple websites, including updates, backups, monitoring, and content administration.

Built for websites running on WordPress, the plugin acts as a controlled communication bridge between managed sites and the MainWP Dashboard.

Due to its role in remote management and cross-site communication, MainWP Child operates in a highly sensitive security context. As a result, a comprehensive security audit of its codebase and communication mechanisms was conducted.

Spectra Gutenberg Blocks (v2.19.21) is an advanced extension for the WordPress block editor (Gutenberg), providing over 30 customizable blocks, layout tools, templates, and UI components for building modern websites without coding.

Designed for websites running on WordPress, Spectra enhances the native editor instead of replacing it, allowing users to build feature-rich pages while maintaining compatibility with WordPress core architecture.

With over 1+ million active installations, Spectra operates at a critical layer of content rendering and user interaction. Due to its complexity and broad functionality (including dynamic content, forms, popups, and frontend rendering), a comprehensive security audit was conducted.

Caching integrations are security-relevant because they introduce high-impact configuration inside wp-admin and can directly affect availability and content delivery behavior. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive diagnostics, or manipulate settings that impact how pages are cached and served. Aruba HiSpeed Cache version 3.0.10 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64635, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for hosting-cache and performance management plugins.