Vulnerabilities and Security Researches

Recent vulnerability researches
CVE/PSC	Application	Date	Affected versions	Description
			Actual on: Jan 19, 2026, 13:01:55
PSC-2026-64598	WP Multibyte Patch SAFE & CERTIFIED	Jan 16, 2026, 16:01:44	Min 2.9.3 Max 2.9.3	WP Multibyte Patch v2.9.3 has successfully passed the CleanTalk Plugin Security Certification (PSC-2025-64598). This certification confirms that the plugin’s codebase was reviewed and validated against a broad range of high-impact vulnerability classes, ensuring it can be used confidently in production environments.
CVE-2025-12820	Pure WC Variation Swatches vulnerable	Jan 11, 2026, 12:01:53	Min - Max 1.1.7	The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them.
CVE-2025-62088	WP Scraper vulnerable	Jan 11, 2026, 12:01:21	Min - Max 1.0.7	Server-Side Request Forgery (SSRF) vulnerability in extendons WordPress & WooCommerce Scraper Plugin, Import Data from Any Site allows Server Side Request Forgery.This issue affects WordPress & WooCommerce Scraper Plugin, Import Data from Any Site: from n/a through 1.0.7.
CVE-2025-68596	Chat Widget: Customer Support Button with SMS Call Button, Click to Chat Messenger Live Chat Support Chat Button – Bit As vulnerable	Jan 11, 2026, 12:01:18	Min - Max 1.5.11	Missing Authorization vulnerability in Bit Apps Bit Assist bit-assist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bit Assist: from n/a through <= 1.5.11.
CVE-2025-69093	Free Follow-Up Emails & Marketing Automation for WooCommerce – ShopMagic vulnerable	Jan 11, 2026, 12:01:16	Min - Max 4.7.2	Missing Authorization vulnerability in wpdesk ShopMagic shopmagic-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShopMagic: from n/a through <= 4.7.2.
CVE-2025-68571	SALESmanago vulnerable	Jan 11, 2026, 12:01:16	Min - Max 3.9.0	Missing Authorization vulnerability in SALESmanago SALESmanago salesmanago allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALESmanago: from n/a through <= 3.9.0.
CVE-2025-14054	WC Builder – WooCommerce Page Builder for WPBakery vulnerable	Jan 11, 2026, 12:01:15	Min - Max 1.2.1	The WC Builder – WooCommerce Page Builder for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'heading_color' parameter (and multiple other styling parameters) of the `wpbforwpbakery_product_additional_information` shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject arbitrary web scripts in pages that will exe...
CVE-2025-68533	WC Builder – WooCommerce Page Builder for WPBakery vulnerable	Jan 11, 2026, 12:01:15	Min - Max 1.2.0	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes WC Builder wc-builder allows Stored XSS.This issue affects WC Builder: from n/a through <= 1.2.0.
CVE-2025-62926	TempTool [Show Current Template Info] vulnerable	Jan 11, 2026, 11:01:55	Min - Max 1.3.1	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HappyDevs TempTool allows Stored XSS.This issue affects TempTool: from n/a through 1.3.1.
CVE-2025-12883	Campay Woocommerce Payment Gateway vulnerable	Jan 11, 2026, 11:01:10	Min - Max 1.2.2	The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for unauthenticated attackers to bypass payments and mark orders as successfully completed resulting in a loss of income.

Recent approved applications
Application	Date	Description	Details
			Actual on: Jan 19, 2026, 13:01:55
WP Multibyte Patch	Jan 16, 2026, 16:01:44	WP Multibyte Patch v2.9.3 has successfully passed the CleanTalk Plugin Security Certification (PSC-2025-64598). This certification confirms that the plugin’s codebase was reviewed and validated against a broad range of high-impact vulnerability classes, ensuring it can be used confidently in production environments.
Redis Object Cache	Sep 17, 2025, 11:09:45	Redis Object Cache 2.6.5 is a persistent object cache backend powered by Redis, designed to enhance WordPress performance and scalability. It supports multiple PHP clients such as Predis, PhpRedis (PECL), and Relay, while offering advanced features like replication, sentinels, clustering, and seamless WP-CLI integration. Administrators can configure connection parameters, customize key prefixes, and set up replication or clustering to ensure optimal performance and reliability. For enterprise environments...
PDF Embedder	Sep 11, 2025, 11:09:45	PDF Embedder is a powerful WordPress plugin that allows you to upload and embed PDF files directly into posts and pages, offering seamless document presentation with responsive design. Unlike other plugins that rely on iframes, PDF Embedder uses a unique JavaScript-based rendering method that gives site administrators complete control over the look, sizing, and navigation of embedded PDFs. The plugin ensures that all PDF files and associated scripts are served from your own server, guaranteeing both faster...
Category Order and Taxonomy Terms Order	Sep 08, 2025, 11:09:45	Category Order and Taxonomy Terms Order is a lightweight yet powerful WordPress plugin that enables administrators to reorder categories and custom taxonomy terms with a drag-and-drop interface. Developed by Nsp-Code, this plugin enhances site structure and usability without requiring theme or plugin modifications. While primarily a tool for content organization, it also interacts directly with queries and the WordPress admin environment—areas where poorly implemented code could create vulnerabilities. Tha...
Meta pixel for WordPress	Sep 05, 2025, 10:09:48	Meta Pixel for WordPress is a lightweight and powerful plugin that allows website owners to easily integrate the Meta Pixel (formerly Facebook Pixel) into their WordPress site. With this plugin, site administrators can track critical events such as Lead, ViewContent, AddToCart, InitiateCheckout, and Purchase, while also leveraging the Conversions API for more reliable data collection. By combining the Pixel with the Conversions API, businesses can establish a direct, server-to-server connection with Meta s...
WP-PageNavi	Sep 05, 2025, 10:09:44	WP-PageNavi is one of the most widely used plugins for adding advanced paging navigation to WordPress. Instead of the basic “Older posts \| Newer posts” links, it provides a more user-friendly and customizable pagination interface that improves navigation across archives, blogs, and multipage posts. With a long-standing reputation for reliability, WP-PageNavi is trusted by thousands of site owners to enhance usability. Now, with the Plugin Security Certification (PSC-2025-64594) by CleanTalk, WP-PageNavi ha...
Redux Framework	Aug 28, 2025, 11:08:45	The Redux Framework has long been the go-to options framework for WordPress developers. It provides an extensible, fully responsive environment for building option panels, customizer controls, and advanced UI fields for themes and plugins. By saving developers months of work, Redux accelerates innovation while maintaining a clean, standards-based architecture. With the release of version 4.5.7, Redux Framework has officially achieved the Plugin Security Certification (PSC-2025-64592) by CleanTalk, confirmi...
GDPR Cookie Compliance (CCPA, DSGVO, Cookie Consent)	Aug 26, 2025, 10:08:33	Ensuring compliance with GDPR, CCPA, DSGVO, and other global privacy regulations is critical for every WordPress-powered website. The GDPR Cookie Compliance plugin (v5.0.9) provides an all-in-one solution for cookie consent management, offering flexibility, transparency, and full compliance with international data protection laws. With its latest achievement, the plugin has been awarded the Plugin Security Certification (PSC-2025-64591) by CleanTalk, guaranteeing that its codebase is secure, hardened, and ...
WP Activity Log	Aug 21, 2025, 21:08:55	WP Activity Log is a powerful WordPress plugin designed to provide detailed, real-time logging of all activities across your WordPress sites and multisite networks. From user login attempts to changes in posts, plugins, themes, and settings, this plugin gives administrators full visibility into everything that happens on their websites. With its granular event tracking, WP Activity Log helps site owners improve security, accountability, compliance, and troubleshooting. Administrators can detect suspicious ...
Superb Addons – WordPress Editor Blocks & Patterns and Elementor Sections & Elements	Aug 21, 2025, 13:08:55	Now, with its successful completion of the Plugin Security Certification (PSC-2025-64588) by CleanTalk, Superb Addons not only delivers cutting-edge features but also guarantees code-level security and reliability. This certification proves that the plugin has been rigorously tested against the most common and dangerous vulnerabilities in the WordPress ecosystem.

Recent vulnerability researches

Recent approved applications