“Imagify – Optimize Images” version 2.2.6 has successfully achieved the Plugin Security Certification (PSC) from CleanTalk, marking it as a leader in secure image optimization for WordPress platforms.
A newly discovered vulnerability in the Easy Table of Contents WordPress plugin, designated as CVE-2024-7082, puts more than 500,000 sites at risk. This flaw allows attackers to exploit a Stored Cross-Site Scripting (XSS) vulnerability, which could lead to account takeovers and the installation of backdoors within a WordPress environment. The vulnerability primarily occurs due to the plugin’s failure to properly sanitize user inputs, enabling malicious JavaScript (JS) code to be injected into the site’s widget settings. Once exploited, this flaw can result in the execution of malicious scripts by unsuspecting administrators, giving attackers the opportunity to manipulate or control the website.
A significant vulnerability has been discovered in the widely-used Tracking Code Manager WordPress plugin, identified as CVE-2024-6335. With over 100,000 installations, this plugin has become a valuable tool for managing tracking scripts, but a serious security flaw allows attackers to exploit a Stored Cross-Site Scripting (XSS) vulnerability. This flaw enables attackers to embed malicious JavaScript (JS) code within the plugin, leading to account takeovers and potential backdoor creation. Improper sanitization of inputs is the primary cause of this vulnerability, putting numerous WordPress sites at risk of exploitation.
CVE-2024-6884 highlights a critical vulnerability in the popular Category Posts Widget plugin, which is available in both Free and PRO versions. With over 50,000 active installations, this plugin is widely used to enhance content display in WordPress sites by allowing the customization of category-based posts through widgets. However, during a routine security audit, researchers discovered a severe stored XSS vulnerability that could lead to account takeovers and even the creation of backdoors, especially when exploited by users with certain privileges.
Hi guys, I’d like to share some significant signals that tell about infection on a WordPress site. These data has been collected by our research team at CleanTalk. The team reviews up to 10k files weekly as well as we
The plugin is meticulously engineered to deliver reliability, scalability, and secure handling of user data. Recently, Events Manager has successfully undergone a rigorous security audit, earning the prestigious Plugin Security Certification (PSC) from CleanTalk, further solidifying its reputation as a secure solution for managing events on WordPress.
In an era where digital content creation via platforms like WordPress is ubiquitous, the importance of cybersecurity cannot be overstated. A recent discovery has brought to light a critical vulnerability in the “Gutenberg Blocks with AI by Kadence WP” plugin, a popular tool used by over 400,000 installations worldwide. (CVE-2024-6884)
The digital world is rife with threats, and the latest discovery in the WordPress plugin landscape underscores this reality. “Shortcodes Ultimate Pro,” a popular plugin with over 500,000 installations, has been found vulnerable to a severe security flaw, CVE-2024-6766. This vulnerability exposes websites to significant risks, impacting both their integrity and the safety of user data.
The “Yoast SEO” plugin, version 25.5, renowned for its comprehensive SEO capabilities, has now achieved the Plugin Security Certification (PSC) from CleanTalk, affirming its status as a secure SEO solution for WordPress sites.
The vulnerability, identified as CVE-2024-6710, was unearthed during routine security testing aimed at ensuring the integrity and safety of WordPress plugins. This vulnerability allows an attacker, specifically those with contributor access or higher, to execute Stored Cross-Site Scripting (XSS) attacks.