cleantalk

Vulnerabilities and Security Researches

Recent vulnerability researches

CVE/PSC Application Date Affected versions Description
Actual on: Oct 19, 2025, 18:10:51

CVE-2025-58023

Genealogical Tree – WordPress Family Tree

vulnerable

Oct 12, 2025, 03:10:31
Min -
Max 2.2.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in akdevs Genealogical Tree allows Stored XSS. This issue affects Genealogical Tree: from n/a through 2.2.5.

CVE-2025-57967

WPB Quick View Popup for WooCommerce – Display Product Informations in Popup on Button Click

vulnerable

Oct 12, 2025, 03:10:28
Min -
Max 2.1.8
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBean WPB Quick View for WooCommerce allows Stored XSS. This issue affects WPB Quick View for WooCommerce: from n/a through 2.1.8.

CVE-2025-9860

Mixtape

vulnerable

Oct 12, 2025, 03:10:27
Min -
Max 1.1
The Mixtape plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mixtape' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-58996

Advanced Settings

vulnerable

Oct 12, 2025, 03:10:24
Min -
Max 3.2.0
Advanced Settings 3 [advanced-settings] < 3.2.0 CVE-2025-58996

CVE-2025-8560

FancyTabs

vulnerable

Oct 12, 2025, 03:10:21
Min -
Max 1.1.0
The FancyTabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-58648

Simple JWT Login &#8211; Login and Register to WordPress using JWT

vulnerable

Oct 12, 2025, 03:10:19
Min -
Max 3.6.4
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nicu Micle Simple JWT Login allows Stored XSS. This issue affects Simple JWT Login: from n/a through 3.6.4.

CVE-2025-5801

Digital Events Calendar

vulnerable

Oct 12, 2025, 03:10:14
Min -
Max 1.0.8
The Digital Events Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘column’ parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-8691

WP Scriptcase

vulnerable

Oct 12, 2025, 03:10:13
Min -
Max 2.0.0
The WP Scriptcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-58239

WP Category Dropdown

vulnerable

Oct 12, 2025, 03:10:11
Min -
Max 1.9
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chandrika Sista WP Category Dropdown allows Stored XSS. This issue affects WP Category Dropdown: from n/a through 1.9.

CVE-2025-8394

Local Fonts, Typography and Breadcrumb&#8230;

vulnerable

Oct 12, 2025, 03:10:10
Min -
Max 1.1.25
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's display_productive_breadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Recent approved applications

Application Date Description Details
Actual on: Oct 19, 2025, 18:10:51

Redis Object Cache

Sep 17, 2025, 11:09:45 Redis Object Cache 2.6.5 is a persistent object cache backend powered by Redis, designed to enhance WordPress performance and scalability. It supports multiple PHP clients such as Predis, PhpRedis (PECL), and Relay, while offering advanced features like replication, sentinels, clustering, and seamless WP-CLI integration. Administrators can configure connection parameters, customize key prefixes, and set up replication or clustering to ensure optimal performance and reliability. For enterprise environments...

PDF Embedder

Sep 11, 2025, 11:09:45 PDF Embedder is a powerful WordPress plugin that allows you to upload and embed PDF files directly into posts and pages, offering seamless document presentation with responsive design. Unlike other plugins that rely on iframes, PDF Embedder uses a unique JavaScript-based rendering method that gives site administrators complete control over the look, sizing, and navigation of embedded PDFs. The plugin ensures that all PDF files and associated scripts are served from your own server, guaranteeing both faster...

Category Order and Taxonomy Terms Order

Sep 08, 2025, 11:09:45 Category Order and Taxonomy Terms Order is a lightweight yet powerful WordPress plugin that enables administrators to reorder categories and custom taxonomy terms with a drag-and-drop interface. Developed by Nsp-Code, this plugin enhances site structure and usability without requiring theme or plugin modifications. While primarily a tool for content organization, it also interacts directly with queries and the WordPress admin environment—areas where poorly implemented code could create vulnerabilities. Tha...

Meta pixel for WordPress

Sep 05, 2025, 10:09:48 Meta Pixel for WordPress is a lightweight and powerful plugin that allows website owners to easily integrate the Meta Pixel (formerly Facebook Pixel) into their WordPress site. With this plugin, site administrators can track critical events such as Lead, ViewContent, AddToCart, InitiateCheckout, and Purchase, while also leveraging the Conversions API for more reliable data collection. By combining the Pixel with the Conversions API, businesses can establish a direct, server-to-server connection with Meta s...

WP-PageNavi

Sep 05, 2025, 10:09:44 WP-PageNavi is one of the most widely used plugins for adding advanced paging navigation to WordPress. Instead of the basic “Older posts | Newer posts” links, it provides a more user-friendly and customizable pagination interface that improves navigation across archives, blogs, and multipage posts. With a long-standing reputation for reliability, WP-PageNavi is trusted by thousands of site owners to enhance usability. Now, with the Plugin Security Certification (PSC-2025-64594) by CleanTalk, WP-PageNavi ha...

Redux Framework

Aug 28, 2025, 11:08:45 The Redux Framework has long been the go-to options framework for WordPress developers. It provides an extensible, fully responsive environment for building option panels, customizer controls, and advanced UI fields for themes and plugins. By saving developers months of work, Redux accelerates innovation while maintaining a clean, standards-based architecture. With the release of version 4.5.7, Redux Framework has officially achieved the Plugin Security Certification (PSC-2025-64592) by CleanTalk, confirmi...

GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent)

Aug 26, 2025, 10:08:33 Ensuring compliance with GDPR, CCPA, DSGVO, and other global privacy regulations is critical for every WordPress-powered website. The GDPR Cookie Compliance plugin (v5.0.9) provides an all-in-one solution for cookie consent management, offering flexibility, transparency, and full compliance with international data protection laws. With its latest achievement, the plugin has been awarded the Plugin Security Certification (PSC-2025-64591) by CleanTalk, guaranteeing that its codebase is secure, hardened, and ...

WP Activity Log

Aug 21, 2025, 21:08:55 WP Activity Log is a powerful WordPress plugin designed to provide detailed, real-time logging of all activities across your WordPress sites and multisite networks. From user login attempts to changes in posts, plugins, themes, and settings, this plugin gives administrators full visibility into everything that happens on their websites. With its granular event tracking, WP Activity Log helps site owners improve security, accountability, compliance, and troubleshooting. Administrators can detect suspicious ...

Superb Addons &#8211; WordPress Editor Blocks &amp; Patterns and Elementor Sections &amp; Elements

Aug 21, 2025, 13:08:55 Now, with its successful completion of the Plugin Security Certification (PSC-2025-64588) by CleanTalk, Superb Addons not only delivers cutting-edge features but also guarantees code-level security and reliability. This certification proves that the plugin has been rigorously tested against the most common and dangerous vulnerabilities in the WordPress ecosystem.

PHP Compatibility Checker

Aug 21, 2025, 09:08:19 PHP Compatibility Checker is a WordPress plugin developed by WP Engine that helps site administrators and developers analyze their WordPress themes and plugins for compatibility with modern PHP versions. As WordPress continues to evolve, maintaining compatibility with supported PHP versions is a crucial factor for both performance and security. Outdated PHP releases no longer receive security updates, leaving websites at risk of vulnerabilities. This plugin empowers users to safely transition to newer PHP ...