cleantalk

Vulnerabilities and Security Research

Recent vulnerability research

CVE/PSC | Application | Date | Affected versions | Description | Details
Current as of: Jan 19, 2025, 20:01:27

CVE-2024-13184

The Ultimate WordPress Toolkit – WP Extended

vulnerable

Jan 20, 2025, 01:01:25
Min -
Max 3.0.13
The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

CVE-2024-12385

WP Abstracts

vulnerable

Jan 20, 2025, 01:01:20
Min -
Max 2.7.3
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2025-22732

Ad Blocking Detector

vulnerable

Jan 19, 2025, 23:01:59
Min -
Max 3.6.0
Ad Blocking Detector [ad-blocking-detector] <= 3.6.0 (unfixed) CVE-2025-22732

CVE-2024-12071

Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media

vulnerable

Jan 19, 2025, 22:01:56
Min -
Max 1.4.5
The Evergreen Content Poster – Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages.

CVE-2025-22710

Smart Manager – WooCommerce Bulk Edit Products, Orders, Coupons, Any WordPress Post Type (Advanced)

vulnerable

Jan 19, 2025, 22:01:37
Min -
Max 8.53.0
WooCommerce Advanced Bulk Edit Products, Orders, Coupons, Any WordPress Post Type – Smart Manager [smart-manager-for-wp-e-commerce] < 8.53.0 CVE-2025-22710

CVE-2024-13385

JSM Screenshot Machine Shortcode

vulnerable

Jan 19, 2025, 10:01:15
Min -
Max 3.0.0
The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE-2025-22709

Verge3D Publishing and E-Commerce

vulnerable

Jan 19, 2025, 10:01:11
Min -
Max 4.8.1
Verge3D Publishing and E-Commerce [verge3d] < 4.8.1 CVE-2025-22709

CVE-2025-22719

VikAppointments Services Booking Calendar

vulnerable

Jan 19, 2025, 09:01:56
Min -
Max 1.2.17
VikAppointments Services Booking Calendar [vikappointments] < 1.2.17 CVE-2025-22719

CVE-2024-13516

Kubio AI Page Builder

vulnerable

Jan 19, 2025, 09:01:55
Min -
Max 2.4.0
The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2024-13391

MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Wallet

vulnerable

Jan 19, 2025, 09:01:46
Min -
Max 2.9.30
The MicroPayments – Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_upload_guest' shortcode in all versions up to, and including, 2.9.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenev...

Recent approved applications

Application | Date | Description | Details
Current as of: Jan 19, 2025, 20:01:27

Rank Math SEO with AI SEO Tools

Jan 16, 2025, 19:01:20
Rank Math SEO – Best SEO Plugin for WordPress
1st WordPress SEO Plugin to use AI (Artificial Intelligence) ★★★★★
SEO is the most consistent source of traffic for any website. We created Rank Math, a WordPress SEO plugin (https://rankmath.com/wordpress/plugin/seo-suite/?utm_source=LP&utm_campaign=WP) with AI SEO features better than ChatGPT, to help every website owner get access to the SEO ...

Polylang

Jan 16, 2025, 19:01:15
With Polylang fully integrated to WordPress and using only its built-in core features (taxonomies), keep steady performances on your site and create a multilingual site featuring from just one extra language to 10 or more depending on your needs. There is no limit in the number of languages added and WordPress’ language packs are automatically downloaded when ready.
Features
Depending on the type of site you have built or are planning to build, a combination of plugins from the list below...

XML Sitemap Generator for Google

Jan 08, 2025, 22:01:09
Generate XML, HTML, RSS sitemaps for your website with ease using the XML Sitemap Generator for Google. This plugin enables you to improve your SEO rankings by creating page, news, video, HTML, and RSS sitemaps. It also supports custom post types and taxonomies, allowing you to ensure that all of your content is being indexed by search engines. With a user-friendly interface, you can easily configure the plugin to suit your needs and generate sitemaps in just a few clicks. Keep your website up-to-date an...

ElementsKit Elementor addons

Dec 27, 2024, 22:12:44
ElementsKit Elementor addons is an ultimate and all-in-one addons for Elementor (https://elementor.com/) Page Builder. It includes the most comprehensive modules, such as Header Footer Builder, Mega Menu Builder, Layout template Library, etc. under the one hood. It has 85+ custom Elementor widgets such as an Advanced accordion, Pricing table, Team member, testimonial, Accordion, tab, Countdown Timer, etc. to create any site...

WPS Hide Login

Dec 26, 2024, 22:12:41
English
WPS Hide Login is a very light plugin that lets you easily and safely change the url of the login form page to anything you want. It doesn’t literally rename or change files in core, nor does it add rewrite rules. It simply intercepts page requests and works on any WordPress website. The wp-admin directory and wp-login.php page become inaccessible, so you should bookmark or remember the url. Deactivating this plugin brings your site back exactly to the state it was before. ...

Starter Templates — Elementor, WordPress & Beaver Builder Templates

Dec 24, 2024, 18:12:29
FREE TEMPLATES FOR ELEMENTOR, BEAVER BUILDER AND BLOCK EDITOR
Create professional designed pixel perfect websites in minutes with the Starter Templates plugin.
This plugin gives you access to 280+ pre-made full website templates and individual pages for your favorite page builder such as Elementor, Beaver Builder and the Block Editor.
Try it out on a free dummy site (https://bsf.io/starter-templates-demo)
All you need to do is select the demo t...

Limit Login Attempts Reloaded

Dec 24, 2024, 17:12:41
Limit Login Attempts Reloaded (https://www.limitloginattempts.com) functions as a robust deterrent against brute force attacks (https://www.limitloginattempts.com/cracking-the-code-unveiling-the-mechanics-behind-brute-force-attacks/), bolstering your website’s security measures and optimizing its performance. It achieves this by restricting the number of login attempts allowed. This applies not only to the standard login...

Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress

Dec 23, 2024, 10:12:37
Modern WordPress Membership Plugin for Ecommerce, Digital Downloads, User Profile, Registration & Login Form
ProfilePress (https://profilepress.com/?utm_source=wprepo&utm_medium=link&utm_campaign=liteversion) is a powerful ecommerce and paid membership plugin for accepting one-time and recurring payments, selling subscriptions and digital products or digital downloads (downloadable files) via Bank Transfer, Stripe, PayPal, RazorPay, Mollie & Paystac...

Loco Translate

Dec 20, 2024, 22:12:22
Loco Translate provides in-browser editing of WordPress translation files and integration with automatic translation services.
It also provides Gettext/localization tools for developers, such as extracting strings and generating templates.
Features include:
- Built-in translation editor within WordPress admin
- Integration with translation APIs including DeepL, Google, Microsoft and Lecto AI
- Create and update language files directly in your theme or plugin
...

WP Super Cache

Dec 20, 2024, 22:12:17
This plugin generates static html files from your dynamic WordPress blog. After a html file is generated your webserver will serve that file instead of processing the comparatively heavier and more expensive WordPress PHP scripts.
The static html files will be served to the vast majority of your users:
- Users who are not logged in.
- Users who have not left a comment on your blog.
- Or users who have not viewed a password protected post.
99% of your visitor...