cleantalk

Vulnerabilities and Security Research

Recent vulnerability research

CVE/PSC Application Date Affected versions Description
Current as of: Mar 30, 2026, 09:03:56

PSC-2026-64638

File Manager Pro – Filester

SAFE & CERTIFIED

Mar 30, 2026, 11:03:47
Min 2.0.2
Max 2.0.2
File manager plugins are security-relevant by design because they provide direct filesystem access from wp-admin, including upload, download, edit, delete, and archive operations that normally require FTP or hosting panel access. If access control, request integrity, or path handling is weak, these features can become a shortcut to data exposure, site defacement, or availability impact. File Manager Pro – Filester version 2.0.2 has successfully completed the CleanTalk Plugin Security Certification process a...

PSC-2026-64639

Simple Author Box

SAFE & CERTIFIED

Mar 30, 2026, 11:03:46
Min 2.59
Max 2.59
Author box plugins are security-relevant because they render user-controlled profile data across the site, often including author bio text, website links, and social profiles. If output encoding, access control, or request integrity is weak, these surfaces can become a path to stored XSS, unauthorized profile metadata exposure, or CSRF-driven settings changes. Simple Author Box version 2.59 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64639, confirming...

PSC-2026-64640

Customizable WordPress Gallery Plugin – Modula Image Gallery

SAFE & CERTIFIED

Mar 30, 2026, 11:03:45
Min 2.14.22
Max 2.14.22
Gallery plugins are security-relevant because they render user-controlled presentation data (titles, captions, alt text, links) across public pages and often provide rich admin-side builders and lightbox features. If output handling, access control, or request integrity is weak, attackers can target stored XSS through captions or settings, force configuration changes via CSRF, or expose media metadata through misprotected endpoints. Modula Image Gallery – Photo Grid & Video Gallery version 2.14.22 has succe...

PSC-2026-64641

Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin

SAFE & CERTIFIED

Mar 30, 2026, 11:03:43
Min 7.7.7
Max 7.7.7
Performance and caching plugins are security-relevant because they introduce high-impact configuration inside wp-admin and can directly affect availability and content delivery behavior. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive diagnostics, or manipulate settings that change how pages and assets are cached and served. Speed Optimizer – The All-In-One Performance-Boosting Plugin version 7.7.7 has successfully...

CVE-2026-32443

Product Feed PRO for WooCommerce

vulnerable

Mar 30, 2026, 10:03:07
Min -
Max 13.5.2
Cross-Site Request Forgery (CSRF) vulnerability in Josh Kohlbach Product Feed PRO for WooCommerce woo-product-feed-pro allows Cross Site Request Forgery. This issue affects Product Feed PRO for WooCommerce: from n/a through <= 13.5.2.

CVE-2026-24373

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

vulnerable

Mar 30, 2026, 09:03:39
Min -
Max 6.0.7.1
Incorrect Privilege Assignment vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Privilege Escalation. This issue affects RegistrationMagic: from n/a through <= 6.0.7.1.

CVE-2026-32385

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

vulnerable

Mar 30, 2026, 09:03:39
Min -
Max 6.0.7.6
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.

CVE-2026-32498

RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login

vulnerable

Mar 30, 2026, 09:03:39
Min -
Max 6.0.7.6
Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.

CVE-2026-32418

Gallery Block (Meow Gallery)

vulnerable

Mar 30, 2026, 09:03:07
Min -
Max 5.4.4
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jordy Meow Meow Gallery meow-gallery allows Blind SQL Injection. This issue affects Meow Gallery: from n/a through <= 5.4.4.

CVE-2026-32462

Master Addons for Elementor

vulnerable

Mar 30, 2026, 09:03:00
Min -
Max 2.1.3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Liton Arefin Master Addons for Elementor master-addons allows DOM-Based XSS. This issue affects Master Addons for Elementor: from n/a through <= 2.1.3.

Recent approved applications

Application Date Description Details
Current as of: Mar 30, 2026, 09:03:56

File Manager Pro – Filester

Mar 30, 2026, 11:03:47 File manager plugins are security-relevant by design because they provide direct filesystem access from wp-admin, including upload, download, edit, delete, and archive operations that normally require FTP or hosting panel access. If access control, request integrity, or path handling is weak, these features can become a shortcut to data exposure, site defacement, or availability impact. File Manager Pro – Filester version 2.0.2 has successfully completed the CleanTalk Plugin Security Certification process a...

Simple Author Box

Mar 30, 2026, 11:03:46 Author box plugins are security-relevant because they render user-controlled profile data across the site, often including author bio text, website links, and social profiles. If output encoding, access control, or request integrity is weak, these surfaces can become a path to stored XSS, unauthorized profile metadata exposure, or CSRF-driven settings changes. Simple Author Box version 2.59 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64639, confirming...

Customizable WordPress Gallery Plugin – Modula Image Gallery

Mar 30, 2026, 11:03:45 Gallery plugins are security-relevant because they render user-controlled presentation data (titles, captions, alt text, links) across public pages and often provide rich admin-side builders and lightbox features. If output handling, access control, or request integrity is weak, attackers can target stored XSS through captions or settings, force configuration changes via CSRF, or expose media metadata through misprotected endpoints. Modula Image Gallery – Photo Grid & Video Gallery version 2.14.22 has succe...

Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin

Mar 30, 2026, 11:03:43 Performance and caching plugins are security-relevant because they introduce high-impact configuration inside wp-admin and can directly affect availability and content delivery behavior. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive diagnostics, or manipulate settings that change how pages and assets are cached and served. Speed Optimizer – The All-In-One Performance-Boosting Plugin version 7.7.7 has successfully...

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

Mar 27, 2026, 11:03:54 Security plugins are uniquely sensitive in WordPress because they operate with high privilege, touch authentication and request filtering, and often integrate with external scanning and firewall services. If access control, request integrity, or output handling is weak, attackers may force configuration changes via CSRF, abuse endpoints to leak site security metadata, or inject malicious content into admin-facing reports. MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall versio...

Migrate Guru: Migrate & Clone WordPress Free

Mar 27, 2026, 11:03:53 Migration plugins are security-relevant because they operate with high privilege, touch both the filesystem and the database, and often require sensitive destination details like FTP/cPanel credentials or a migration key. If access control, request integrity, or input/output handling is weak, attackers may trigger unauthorized migrations, leak migration metadata, force configuration changes via CSRF, or abuse migration logic to cause resource exhaustion. Migrate Guru – Site Migration & Cloning version 6.28 ...

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, P

Mar 27, 2026, 11:03:52 Slider and page builder addons expand the WordPress attack surface because they introduce rich front-end rendering, store complex widget settings, and often allow custom styling or script-like configuration through builder controls. In practice, weaknesses here most commonly translate into stored XSS through unsafe output, CSRF-driven settings changes, unauthorized access to editing features, or information disclosure via misprotected endpoints and diagnostics. Prime Slider – Addons for Elementor version 4....

Aruba HiSpeed Cache

Mar 27, 2026, 11:03:51 Caching integrations are security-relevant because they introduce high-impact configuration inside wp-admin and can directly affect availability and content delivery behavior. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive diagnostics, or manipulate settings that impact how pages are cached and served. Aruba HiSpeed Cache version 3.0.10 has successfully completed the CleanTalk Plugin Security Certification process...

Cloudflare

Mar 27, 2026, 11:03:51 CDN and caching integrations are security-relevant because they introduce privileged configuration flows inside wp-admin, handle API tokens, and can directly affect availability and security posture at the edge. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive integration metadata, or manipulate settings that impact how the site is protected and cached. Cloudflare version 4.14.2 has successfully completed the CleanT...

SpeedyCache – Cache, Optimization, Performance

Mar 18, 2026, 17:03:23 SpeedyCache – Cache, Optimization, Performance (v1.3.7) is a WordPress performance plugin designed to improve website speed through caching, minification, compression, and resource optimization. By generating static cache files and optimizing frontend assets, the plugin reduces server load and accelerates page delivery. Built for websites running on WordPress, SpeedyCache provides a comprehensive optimization toolkit while maintaining compatibility with shared hosting environments and CDN integrations. Gi...