Plugin Security Certification: “Better Search Replace” – Version 1.4.6: Search/Replace What You Want with Enhanced Security

Plugin Security Certification: “Better Search Replace” – Version 1.4.6: Search/Replace What You Want with Enhanced Security

The “Better Search Replace” plugin has achieved the prestigious Plugin Security Certification (PSC) from CleanTalk, affirming its commitment to security and reliability. This certification ensures that the plugin adheres to the highest security standards, providing users with a secure and efficient tool for managing database operations during site migrations or other significant changes.

CVE-2024-4469 – WP-Staging | Migration Backup Restore – SSRF – POC

CVE-2024-4469 – WP-Staging | Migration Backup Restore – SSRF – POC

In the ever-evolving landscape of web security, the discovery of new vulnerabilities is a constant reminder of the necessity for vigilance. Recently, during the testing of the widely-used WP-Staging | Migration Backup Restore plugin for WordPress, a Server-Side Request Forgery (SSRF) vulnerability, designated as CVE-2024-4469, was identified. This vulnerability poses significant risks, as it can be exploited to scan local ports on the host server, potentially leading to further security breaches.

CVE-2024-4057 – Gutenberg Blocks by Kadence Blocks – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

CVE-2024-4057 – Gutenberg Blocks by Kadence Blocks – Stored XSS to Admin Account Creation (Contributor+) Critical-High – POC

In the ever-evolving landscape of web security, vulnerabilities in popular plugins can have widespread and severe consequences. A recent vulnerability, identified as CVE-2024-4057, has been discovered in the Gutenberg Blocks by Kadence Blocks plugin, a widely used tool with over 400,000 active installations. This critical-high vulnerability allows attackers to execute Stored Cross-Site Scripting (XSS) attacks, leading to admin account creation and potentially compromising the entire website.

CVE-2024-2220 – Button contact VR – Stored XSS to JS backdoor creation – POC

CVE-2024-2220 – Button contact VR – Stored XSS to JS backdoor creation – POC

In today’s digital age, security vulnerabilities in web applications can lead to severe consequences, including unauthorized access, data breaches, and loss of trust. One such critical vulnerability is the Stored Cross-Site Scripting (XSS) attack. This article explores a newly discovered Stored XSS vulnerability in the “Button Contact VR” WordPress plugin, identified as CVE-2024-2220. This flaw can allow attackers to embed malicious scripts, creating backdoors for account takeover, posing significant risks to website integrity and user data. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

CVE-2024-4372 – Carousel Slider – Stored XSS to JS backdoor creation – POC

CVE-2024-4372 – Carousel Slider – Stored XSS to JS backdoor creation – POC

In a recent security assessment, a critical vulnerability, CVE-2024-4372, was discovered within the Carousel Slider WordPress plugin. This flaw exposes an alarming risk of Stored Cross-Site Scripting (XSS), paving the way for unauthorized access and potential website compromise. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

CVE-2024-3939 – Ditty – Stored XSS to JS backdoor creation – POC

CVE-2024-3939 – Ditty – Stored XSS to JS backdoor creation – POC

A critical security vulnerability CVE-2024-3939 was discovered in the WordPress plugin Ditty, which was downloaded by more than 40k users. This vulnerability exposes websites to the risk of attacks using stored cross-site scripting (XSS), which can potentially lead to account hijacking and violation of the integrity of the website. (if an attacker has previously hacked into an administrator or editor account, they can use the backdoor to restore access)

CVE-2024-2189 – Social Icons Widget & Block – Stored XSS to JS backdoor creation – POC

CVE-2024-2189 – Social Icons Widget & Block – Stored XSS to JS backdoor creation – POC

A critical security vulnerability, CVE-2024-2189, has been identified in the Social Icons Widget & Block WordPress plugin, which boasts over 100k installations. This vulnerability exposes websites to the risk of Stored Cross-Site Scripting (XSS) attacks, potentially leading to account takeover and compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).

CVE-2024-2744 – NextGEN Gallery – Stored XSS to JS backdoor creation – POC

CVE-2024-2744 – NextGEN Gallery – Stored XSS to JS backdoor creation – POC

A critical vulnerability, CVE-2024-2744, has been discovered in NextGen Gallery, a popular WordPress plugin with over 500 000+ installations. This flaw exposes websites to the risk of Stored XSS attacks, potentially leading to account takeover and compromising website integrity. (if an attacker has previously hijacked an administrator or editor account, he can plant a backdoor to regain access back).