cleantalk

Vulnerabilities and Security Research

Recent vulnerability research

CVE/PSC | Application | Date | Affected versions | Description
Current as of: Aug 01, 2025, 19:08:13

CVE-2025-54672

Photo Engine (Media Organizer & Lightroom)

vulnerable

Aug 01, 2025, 16:08:23
Min -
Max 6.4.4
Photo Engine (Media Organizer & Lightroom) [wplr-sync] < 6.4.4 CVE-2025-54672

CVE-2025-28979

WP Pipes

vulnerable

Aug 01, 2025, 16:08:03
Min -
Max 1.4.3
WP Pipes [wp-pipes] <= 1.4.3 (unfixed) CVE-2025-28979

CVE-2025-54703

Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Y

vulnerable

Aug 01, 2025, 15:08:50
Min -
Max 1.5.3
File Manager for Google Drive – Integrate Google Drive with WordPress [integrate-google-drive] < 1.5.3 CVE-2025-54703

CVE-2025-5684

Metform Elementor Contact Form Builder

vulnerable

Aug 01, 2025, 15:08:43
Min -
Max 4.0.2
The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `mf-template` DOM Element in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-8196

Magical Addons For Elementor ( Header Footer Builder, Free Elementor Widgets, Elementor Templates Library )

vulnerable

Aug 01, 2025, 15:08:40
Min -
Max 1.3.9
The Magical Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Custom Attributes in all versions up to, and including, 1.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-8216

Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart)

vulnerable

Aug 01, 2025, 15:08:26
Min -
Max 3.2.0
The Sky Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Multiple widgets in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-48151

CM Map Locations = Google Maps & Store Locator

vulnerable

Aug 01, 2025, 15:08:12
Min -
Max 2.1.7
CM Map Locations – Visualize and share your locations in a few clicks [cm-map-locations] < 2.1.7 CVE-2025-48151

CVE-2025-54675

YITH WooCommerce Popup

vulnerable

Aug 01, 2025, 15:08:02
Min -
Max 1.48.1
YITH WooCommerce Popup [yith-woocommerce-popup] < 1.48.1 CVE-2025-54675

CVE-2025-8151

HT Mega – Absolute Addons For Elementor

vulnerable

Aug 01, 2025, 15:08:02
Min -
Max 2.9.2
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.9.1 via the 'save_block_css' function. This makes it possible for authenticated attackers, with Author-level access and above, to create CSS files in any directory, and delete CSS files in any directory in a Windows environment.

CVE-2025-8401

HT Mega – Absolute Addons For Elementor

vulnerable

Aug 01, 2025, 15:08:02
Min -
Max 2.9.2
The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.9.1 via the 'get_post_data' function. This makes it possible for authenticated attackers, with Author-level access and above, to extract sensitive data including the content of private, password-protected, and draft posts and pages.

Recent approved applications

Application | Date | Description | Details
Current as of: Aug 01, 2025, 19:08:13

SiteGuard WP Plugin

Jun 28, 2025, 20:06:19
You can find docs, FAQ and more detailed information on English Page (https://www.jp-secure.com/siteguard_wp_plugin_en/) Japanese Page (https://www.jp-secure.com/siteguard_wp_plugin/).
Simply install the SiteGuard WP Plugin, WordPress security is improved. This plugin is a security plugin that specializes in the login attack of brute force, such as protection and management capabilities.
Notes
- It does not suppo...

EWWW Image Optimizer

Jun 25, 2025, 19:06:42
Are you frustrated by a slow website? Do over-sized images make you say “ewww”… Let EWWW Image Optimizer help you make your site faster, improve your bounce rate, and boost your SEO. But most importantly, make your visitors happier so they keep coming back for more.
With EWWW IO you can optimize all your existing images, from any plugin (https://docs.ewww.io/article/84-plugin-compatibility), and then let EWWW IO take care of new image uploads automa...

Table of Contents Plus

Jun 19, 2025, 00:06:06
A powerful yet user friendly plugin that automatically creates a context specific index or table of contents (TOC) for long pages (and custom post types). More than just a table of contents plugin, this plugin can also output a sitemap listing pages and/or categories across your entire site.
Built from the ground up and with Wikipedia in mind, the table of contents by default appears before the first heading on a page. This allows the author to insert lead-in content that may summarise or introd...

Solid Security – Password, Two Factor Authentication, and Brute Force Protection

May 29, 2025, 17:05:55
Reduce your WordPress website’s risk to nearly zero with Solid Security
Formerly iThemes Security. Looking for iThemes? Learn more here. (https://go.solidwp.com/wporg-security-ithemes)
On average, 30,000 websites are hacked every day.* Cyberattacks in the US increased by 57% in 2022.** Bad actors who want to hack your site, steal your data, and cripple your business are a 24/7/365 threat.
You need a proactive, strategic approach to WordPress website s...

WP Statistics

May 27, 2025, 20:05:03
WP Statistics: THE #1 WORDPRESS STATISTICS PLUGIN
Do you need a simple tool to know your website statistics? Do you need to represent these statistics? Are you caring about your users’ privacy while analyzing who are interested in your business or website? With WP Statistics you can know your website statistics without any need to send your users’ data anywhere. You can know how many people visit your personal or business website, where they’re coming from, what browsers and search engines they ...

Hostinger

May 27, 2025, 20:05:00
Hostinger’s Onboarding Plugin transforms the way you launch your WordPress site (https://www.hostinger.com/tutorials/launch-a-wordpress-site). Crafted for an effortless user experience, it guides you through the essential steps of website setup and personalization. Whether you’re adjusting settings or exploring new tools, a single click is all it takes to guide you to the right place.
Dive into a hassle-free WordPress setup by installing our plugin. Here...

BackWPup – WordPress Backup Plugin

May 27, 2025, 19:05:57
The backup plugin BackWPup (https://backwpup.com/) can be used to save your complete installation including /wp-content/ and push them to an external Backup Service, like Dropbox, S3, FTP and many more, see list below. With a single backup .zip file you are able to easily restore an installation.
Please understand: this free version will not be supported as well as the ...

Header Footer Code Manager

May 20, 2025, 20:05:00
Header Footer Code Manager by 99 Robots is an easy interface to add snippets to the header or footer or above or below the content of your page.
BENEFITS
- Never have to worry about inadvertently breaking your site by adding code
- Avoid inadvertently placing snippets in the wrong place
- Eliminate the need for a dozen or more silly plugins just to add a small code snippet – Less plugins is always better!
- Never lose your code snippets when switching or chan...

Widgets for Google Reviews

May 06, 2025, 19:05:29
Display your Google Reviews for free with our responsive widgets in 2 minutes.
The plugin displays your Google Reviews in amazing predesigned widgets. You can simply create and display your own widgets, and filter your reviews to build customers’ trust and increase SEO. ...

JetBackup – WP Backup, Migrate & Restore

May 05, 2025, 10:05:34
JetBackup is the most complete backup and migration choice for WordPress. We offer the easiest way to backup, restore and migrate your WordPress based website or blog. You can backup/migrate your files, database or both.
Download JetBackup premium versions here: https://www.jetbackup.com/jetbackup-for-wordpress.
See JetBackup in Action Here!...