cleantalk

Vulnerabilities and Security Researches

Recent vulnerability researches

CVE/PSC Application Date Affected versions Description
Current as of: Apr 11, 2026, 05:04:44

PSC-2024-64527

Security & Malware scan by CleanTalk

SAFE & CERTIFIED

Apr 03, 2026, 11:04:16
Min 2.176
Max 2.176
The Security & Malware Scan by CleanTalk plugin (version 2.176) has received the prestigious Plugin Security Certification (PSC) from CleanTalk. This powerful plugin provides comprehensive protection to WordPress websites by scanning for malware, blocking brute-force attacks, filtering unwanted traffic, and protecting your site from online threats. CleanTalk ensures that your website remains secure, fast, and fully optimized by combining a robust set of features to stop malicious attacks before they happen.

CVE-2026-32544

OOPSpam Anti-Spam

vulnerable

Mar 31, 2026, 04:03:23
Min -
Max 1.2.62
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OOPSpam Team OOPSpam Anti-Spam oopspam-anti-spam allows Stored XSS. This issue affects OOPSpam Anti-Spam: from n/a through <= 1.2.62.

CVE-2026-27042

NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor

vulnerable

Mar 31, 2026, 04:03:18
Min -
Max 3.2.1
Missing Authorization vulnerability in WPDeveloper NotificationX notificationx allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects NotificationX: from n/a through <= 3.2.1.

CVE-2026-32335

The Conference

vulnerable

Mar 31, 2026, 04:03:15
Min -
Max 1.2.5
Missing Authorization vulnerability in raratheme The Conference the-conference allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Conference: from n/a through <= 1.2.5.

CVE-2025-68515

WP Booking System – Booking Calendar

vulnerable

Mar 31, 2026, 04:03:07
Min -
Max 2.0.19.12
Insertion of Sensitive Information Into Sent Data vulnerability in Roland Murg WP Booking System wp-booking-system allows Retrieve Embedded Sensitive Data. This issue affects WP Booking System: from n/a through <= 2.0.19.12.

CVE-2025-67969

UPI QR Code Payment Gateway for WooCommerce

vulnerable

Mar 31, 2026, 04:03:06
Min -
Max 1.5.1
Missing Authorization vulnerability in knitpay UPI QR Code Payment Gateway for WooCommerce upi-qr-code-payment-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects UPI QR Code Payment Gateway for WooCommerce: from n/a through <= 1.5.1.

CVE-2026-31920

Product Rearrange for WooCommerce

vulnerable

Mar 31, 2026, 04:03:02
Min -
Max 1.2.2
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Blind SQL Injection. This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2.

CVE-2026-31921

Product Rearrange for WooCommerce

vulnerable

Mar 31, 2026, 04:03:02
Min -
Max 1.2.2
Missing Authorization vulnerability in Devteam HaywoodTech Product Rearrange for WooCommerce products-rearrange-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Product Rearrange for WooCommerce: from n/a through <= 1.2.2.

CVE-2026-32523

WPJAM Basic

vulnerable

Mar 31, 2026, 03:03:58
Min -
Max 6.9.2
Unrestricted Upload of File with Dangerous Type vulnerability in denishua WPJAM Basic wpjam-basic allows Using Malicious Files. This issue affects WPJAM Basic: from n/a through <= 6.9.2.

CVE-2026-22459

WP CTA – Call To Action Plugin, Sticky CTA, Floating Buttons, Floating Tab Plugin

vulnerable

Mar 31, 2026, 03:03:57
Min -
Max 1.7.4
Missing Authorization vulnerability in Blend Media WordPress CTA easy-sticky-sidebar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress CTA: from n/a through <= 1.7.4.

Recent approved applications

Application Date Description Details
Current as of: Apr 11, 2026, 05:04:44

Metform Elementor Contact Form Builder

Mar 30, 2026, 11:03:54 MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor (v4.1.3) is a powerful drag-and-drop form builder plugin designed to extend Elementor with advanced form creation capabilities. It allows users to build complex forms such as contact forms, surveys, booking forms, payment forms, and more without writing code. Built for websites running on WordPress, MetForm integrates deeply into both frontend and backend workflows, handling user input, data storage, AJAX submissions, file uploads, a...

File Manager Pro – Filester

Mar 30, 2026, 11:03:47 File manager plugins are security-relevant by design because they provide direct filesystem access from wp-admin, including upload, download, edit, delete, and archive operations that normally require FTP or hosting panel access. If access control, request integrity, or path handling is weak, these features can become a shortcut to data exposure, site defacement, or availability impact. File Manager Pro – Filester version 2.0.2 has successfully completed the CleanTalk Plugin Security Certification process a...

Simple Author Box

Mar 30, 2026, 11:03:46 Author box plugins are security-relevant because they render user-controlled profile data across the site, often including author bio text, website links, and social profiles. If output encoding, access control, or request integrity is weak, these surfaces can become a path to stored XSS, unauthorized profile metadata exposure, or CSRF-driven settings changes. Simple Author Box version 2.59 has successfully completed the CleanTalk Plugin Security Certification process and received PSC-2026-64639, confirming...

Customizable WordPress Gallery Plugin – Modula Image Gallery

Mar 30, 2026, 11:03:45 Gallery plugins are security-relevant because they render user-controlled presentation data (titles, captions, alt text, links) across public pages and often provide rich admin-side builders and lightbox features. If output handling, access control, or request integrity is weak, attackers can target stored XSS through captions or settings, force configuration changes via CSRF, or expose media metadata through misprotected endpoints. Modula Image Gallery – Photo Grid & Video Gallery version 2.14.22 has succe...

Speed Optimizer – The All-In-One WordPress Performance-Boosting Plugin

Mar 30, 2026, 11:03:43 Performance and caching plugins are security-relevant because they introduce high-impact configuration inside wp-admin and can directly affect availability and content delivery behavior. If access control, request integrity, or output handling is weak, attackers may force cache purges or mode changes via CSRF, expose sensitive diagnostics, or manipulate settings that change how pages and assets are cached and served. Speed Optimizer – The All-In-One Performance-Boosting Plugin version 7.7.7 has successfully...

MainWP Child – Securely Connects Sites to the MainWP WordPress Manager Dashboard

Mar 30, 2026, 10:03:54 MainWP Child – Securely Connects to the MainWP Dashboard (v6.0.5) is a WordPress plugin designed to establish a secure connection between individual WordPress sites and a self-hosted MainWP Dashboard. This architecture allows centralized management of multiple websites, including updates, backups, monitoring, and content administration. Built for websites running on WordPress, the plugin acts as a controlled communication bridge between managed sites and the MainWP Dashboard. Due to its role in remote man...

Spectra – WordPress Gutenberg Blocks

Mar 30, 2026, 09:03:54 Spectra Gutenberg Blocks (v2.19.21) is an advanced extension for the WordPress block editor (Gutenberg), providing over 30 customizable blocks, layout tools, templates, and UI components for building modern websites without coding. Designed for websites running on WordPress, Spectra enhances the native editor instead of replacing it, allowing users to build feature-rich pages while maintaining compatibility with WordPress core architecture. With 1+ million active installations, Spectra operates at a ...

MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall

Mar 27, 2026, 11:03:54 Security plugins are uniquely sensitive in WordPress because they operate with high privilege, touch authentication and request filtering, and often integrate with external scanning and firewall services. If access control, request integrity, or output handling is weak, attackers may force configuration changes via CSRF, abuse endpoints to leak site security metadata, or inject malicious content into admin-facing reports. MalCare WordPress Security Plugin – Malware Scanner, Cleaner, Security Firewall versio...

Migrate Guru: Migrate & Clone WordPress Free

Mar 27, 2026, 11:03:53 Migration plugins are security-relevant because they operate with high privilege, touch both the filesystem and the database, and often require sensitive destination details like FTP/cPanel credentials or a migration key. If access control, request integrity, or input/output handling is weak, attackers may trigger unauthorized migrations, leak migration metadata, force configuration changes via CSRF, or abuse migration logic to cause resource exhaustion. Migrate Guru – Site Migration & Cloning version 6.28 ...

Prime Slider – Addons For Elementor (Revolution of a slider, Hero Slider, Media Slider, Drag Drop Slider, Video Slider, P

Mar 27, 2026, 11:03:52 Slider and page builder addons expand the WordPress attack surface because they introduce rich front-end rendering, store complex widget settings, and often allow custom styling or script-like configuration through builder controls. In practice, weaknesses here most commonly translate into stored XSS through unsafe output, CSRF-driven settings changes, unauthorized access to editing features, or information disclosure via misprotected endpoints and diagnostics. Prime Slider – Addons for Elementor version 4....