| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| Actual on: Feb 18, 2026, 11:02:22 | ||||
|
Contact Form 7 Database Addon – CFDB7
SAFE & CERTIFIED
|
Feb 17, 2026, 12:02:22 |
Min 1.3.5
Max 1.3.5
|
Collecting form submissions is valuable, but storing them inside WordPress also creates a high value target because entries often include names, emails, phone numbers, messages, and sometimes sensitive business context. Database Addon for Contact Form 7 version 1.3.5 has successfully completed the CleanTalk Plugin Security Certificationprocess and received PSC-2026-64611, confirming that the plugin was reviewed from a secure code perspective with attention to the most common exploitation paths for data capt... | |
|
GoSMTP – SMTP for WordPress
SAFE & CERTIFIED
|
Feb 17, 2026, 12:02:07 |
Min 1.1.8
Max 1.1.8
|
Email delivery is business critical, but email sending plugins also sit on a sensitive boundary where they handle SMTP credentials, API keys, admin side settings, and in some cases email logs that can contain personal data. GoSMTP version 1.1.8 has successfully completed the CleanTalk Plugin Security Certification program and received PSC-2026-64610, confirming that the plugin was assessed with a strong focus on secure coding practices and common real world WordPress attack paths. | |
|
SAFE & CERTIFIED
|
Feb 16, 2026, 09:02:52 |
Min 4.64.6
Max 4.64.6
|
User Role Editor v4.64.6 is a widely used WordPress administration plugin that lets site owners manage roles and capabilities through a clear checkbox based interface, making it easy to add, remove, clone, and delete roles while also supporting per user capability assignments and multisite networks. Because role and capability management directly governs access control across WordPress, any weakness in implementation could have severe impact, including unauthorized privilege changes or admin takeover paths.... | |
|
SAFE & CERTIFIED
|
Feb 11, 2026, 11:02:30 |
Min 2.4.3
Max 2.4.3
|
Post Types Order v2.4.3 is a widely adopted WordPress plugin with over 12 million downloads that gives site owners precise control over how posts and custom post types are ordered using a clean drag and drop workflow inside WordPress. Because ordering affects query behavior and admin interfaces, a plugin like this sits close to core content retrieval and display logic, which makes secure implementation essential. Post Types Order has passed CleanTalk Plugin Security Certification under PSC-2026-64608, confi... | |
|
SAFE & CERTIFIED
|
Feb 09, 2026, 09:02:51 |
Min 3.9.5
Max 3.9.5
|
Code Snippets (v3.9.5) is one of the most practical productivity plugins in the WordPress ecosystem because it lets site owners add and manage custom functionality as “mini-plugins” without touching functions.php – and now it also comes with verified trust: it has earned CleanTalk’s Plugin Security Certification (PSC-2026-64607), confirming that its codebase and security boundaries hold up under real-world scrutiny, even though it operates in a category (code execution / site customization) where security d... | |
|
SAFE & CERTIFIED
|
Feb 05, 2026, 12:02:29 |
Min 1.4.6
Max 1.4.6
|
WP Fastest Cache (v1.4.6) is a performance-focused WordPress caching and optimization plugin built to reduce server load, accelerate page delivery, and improve real-world metrics like Google PageSpeed and Core Web Vitals—and now it has also proven its security posture by successfully earning CleanTalk’s Plugin Security Certification (PSC-2026-64606), confirming that speed gains don’t come at the cost of safe code, safe defaults, and hardened behavior in high-traffic environments. | |
|
Translate WordPress with GTranslate
SAFE & CERTIFIED
|
Feb 04, 2026, 12:02:33 |
Min 3.0.9
Max 3.0.9
|
Translate WordPress with GTranslate (v3.0.9) is a multilingual WordPress solution that uses Google Translate automatic translation to make a site available in 103 languages, dramatically expanding reach to more than 99% of internet users. Since GTranslate has been providing website translation services since 2008, the plugin is built around a mature translation platform and a cloud-based approach that aims to keep the WordPress site fast—translations are delivered without heavy on-site processing. In paid e... | |
|
Wordfence Security – Firewall, Malware Scan, and Login Security
SAFE & CERTIFIED
|
Feb 04, 2026, 12:02:12 |
Min 8.1.4
Max 8.1.4
|
Wordfence Security (v8.1.4) is one of the most widely deployed WordPress security plugins, combining an endpoint Web Application Firewall (WAF), malware scanning, login hardening (including 2FA), and centralized monitoring capabilities through Wordfence Central. Because a security plugin operates at the most sensitive layers of a WordPress site—authentication flows, request filtering, filesystem integrity checks, and threat detection—its own code integrity and safety are absolutely crucial. That’s why Wordf... | |
|
vulnerable
|
Feb 03, 2026, 16:02:17 |
Min -
Max 1.1.2
|
The Simple Folio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the '_simple_folio_item_client_name' and '_simple_folio_item_link' meta fields in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |
|
SAFE & CERTIFIED
|
Feb 03, 2026, 10:02:34 |
Min 3.5.2
Max 3.5.2
|
Google for WooCommerce (v3.5.2) is a commerce-focused extension that connects your WooCommerce store to Google’s ecosystem – most importantly Google Merchant Center, Google Ads (Performance Max), and Google tag / conversion tracking – so product data stays synchronized and campaigns can be launched and optimized from within WordPress. Because this plugin touches high-value surfaces (product feeds, pricing/inventory updates, ad attribution, and privacy-conscious conversion signals), security and data integri... | |