CleanTalk's blog

    Category: Security

    • Security vulnerability in CleanTalk plugins fixed – please update your plugins

      Security vulnerability in CleanTalk plugins fixed – please update your plugins

      There was a security vulnerability, that was discovered in both Anti-Spam (versions <= 6.43.2) and Security & Malware scan (versions <= 2.145). The vulnerability was relevant to some users, who had created an account, but hadn’t inputed the Access Key. The vulnerability was discovered, but wasn’t exploited.

      We’ve taken immediate action to address this issue and fixed all the vulnerabilities. The only thing you need to do is to ensure, that you use an up-to-date version of the plugin.

       

      How to update the plugin

      To protect your website, please update the plugins to the latest version as soon as possible. This update will ensure that your website is secured against the vulnerability.

      1. Log in to your WordPress Dashboard: Access your website’s administrative area.
      2. Navigate to “Plugins”: Click on the “Plugins” menu.
      3. Update Your Plugins: Look for the available updates for both Anti-Spam and Security plugins. Click the “Update Now” button for each plugin.

      We apologize for any inconvenience this may cause. Your security is our top priority, and we appreciate your prompt attention to this matter.

      If you have any questions or concerns, please don’t hesitate to drop a comment below or create a private ticket.

    • CleanTalk Research Team Discovers Stored XSS Vulnerability in WP SEOPress Plugin (v7.7.1)

      CleanTalk Research Team Discovers Stored XSS Vulnerability in WP SEOPress Plugin (v7.7.1)

      The CleanTalk Research Team identified a critical Stored XSS (Cross-Site Scripting) vulnerability in the WP SEOPress plugin, version 7.7.1. This flaw can be exploited by attackers with contributor privileges to create new admin accounts, potentially granting them full control of your WordPress website.

      Understanding Stored XSS (CVE-2024-4899)

      Stored XSS vulnerabilities allow attackers to inject malicious scripts directly into your website’s database. These scripts are then executed whenever someone views the compromised content. Unlike reflected XSS, user interaction isn’t required to trigger the attack, making it particularly dangerous.

      How Attackers Can Exploit This Vulnerability

      An attacker with contributor privileges can exploit this vulnerability by injecting malicious JavaScript code into the “SEO Title” field while creating a new post. This code can then be used to create a new admin account, granting them complete control over your website.

      Potential Consequences of an Exploit

      • Complete Site Takeover: Attackers could create new admin accounts and seize full control of your website.
      • Data Theft: Sensitive information like user credentials, financial records, and even your website’s content could be stolen.
      • Website Defacement: Attackers could alter the appearance of your site, inject further malicious code, or display unauthorized content.
      • Persistent Backdoors: Malicious actors might install backdoors to ensure continued access even after the initial vulnerability is patched.

      Taking Action to Secure Your Website

      1. Update Immediately: The most critical step is to update the WP SEOPress plugin to the latest version as soon as possible. This update addresses the vulnerability and safeguards your website.
      2. Review User Roles: Carefully review user roles and permissions. Contributors should have the minimum access necessary for their tasks.

      Through continuous vulnerability discovery and disclosure, we empower website owners and developers to take preventative measures. We believe that by working together, we can create a robust and secure WordPress ecosystem for everyone.

      Stay vigilant. Stay secure.

    • Mitigating WordPress.com API Vulnerability

      Mitigating WordPress.com API Vulnerability

      Attention WordPress website owners! We’re excited to announce that the CleanTalk Security Plugin now effectively addresses a well-known vulnerability involving the WordPress.com API.

      This vulnerability, previously discussed here, allowed unauthorized actors to potentially trace administrator usernames through a public API endpoint. While disabling the REST API entirely would be ideal, it wasn’t always a viable option for many websites.

      The CleanTalk Team Steps Up

      We understand the critical nature of this vulnerability and the potential security risks it poses. Our development team has been working diligently to implement a comprehensive solution within the CleanTalk Security Plugin.

      This update delivers:

      • Enhanced User Data Protection: CleanTalk can now effectively block attempts to exploit the exposed API endpoint, safeguarding your administrator username and other sensitive user data.
      • Improved Overall Security: This fix is just one piece of the puzzle. CleanTalk Security offers a robust suite of security measures to keep your website safe from a wide range of threats.

      What You Can Do

      1. Update Your Plugin: Ensure you’re running the latest version of the CleanTalk Security Plugin to benefit from this critical fix and ongoing protection.
      2. Review Your Security Practices: Consider implementing additional security measures like strong password policies and user access restrictions for an extra layer of defense.

      CleanTalk: Committed to Your Security

      We at CleanTalk are dedicated to providing the best possible security for your WordPress website. We continuously refine our plugin to address both emerging and long-standing vulnerabilities.

      For further information on CleanTalk Security and its capabilities, please refer to the plugin’s documentation.

      This revised announcement emphasizes the team’s effort in resolving a known issue and highlights the broader security benefits of the CleanTalk Security Plugin.

    • Strengthen Your WordPress Security with Built-in Vulnerability Checks by CleanTalk

      Strengthen Your WordPress Security with Built-in Vulnerability Checks by CleanTalk

      The CleanTalk Security plugin now offers built-in plugin vulnerability checks, empowering you to safeguard your WordPress website proactively. Just a friendly reminder if you haven’t try it till now: feel free to pick up the plugin and install it according to these instructions

      While plugins add valuable functionality, they can also introduce security risks if vulnerabilities exist. To address this, CleanTalk regularly scans popular plugins and integrates the findings directly into the Security plugin.

      Here’s how it benefits you:

      • Real-time Vulnerability Insights: Get notified within the plugin itself whenever potential vulnerabilities are detected in your active plugins.
      • Proactive Security Measures: Take immediate action to address vulnerabilities and minimize the risk of attacks.
      • Simplified Security Management: No need to visit external platforms for vulnerability information; it’s all accessible within the plugin.

      This integration strengthens your WordPress security by informing you about potential threats and allowing you to take immediate action.

      Stay Updated, Stay Secure!

      The CleanTalk Security plugin continues to evolve, offering comprehensive security solutions for your WordPress site. Remember to update the plugin to benefit from the latest features and vulnerability checks.

    • Critical Security Vulnerability in Shortcode Ultimate Plugin for WordPress

      Critical Security Vulnerability in Shortcode Ultimate Plugin for WordPress

      During routine plugin testing, we discovered a critical security vulnerability in the Shortcodes Ultimate plugin for WordPress which has 600,000+ installations. This plugin, widely used for adding powerful shortcodes to enhance website functionality, is currently vulnerable to a severe security flaw that could potentially allow attackers to exploit and gain unauthorized access to your WordPress site.

      The exploit allows contributors to embed malware JavaScript code into new posts via shortcode, subsequently facilitating admin account creation. By exploiting this flaw, attackers can gain unauthorized access and wreak havoc on websites.

      Vulnerability detailed CVE on WPScan: https://wpscan.com/vulnerability/9eef8b29-2c62-4daa-ae90-467ff9be18d8.

      How to secure your site from the vulnerability

      Don’t rush to delete the plugin. To mitigate the risk you should just update your Shortcodes Ultimate plugin to the latest version. Additionally, implementing robust security measures, such as regular vulnerability assessments and user role restrictions, can fortify defenses against XSS attacks.

    • Strengthen Your WordPress Defense: The Ultimate Brute Force Protection 

      Strengthen Your WordPress Defense: The Ultimate Brute Force Protection 

      In the vast world of the internet, your WordPress site faces constant threats from brute force attacks. But worry not! Security & Malware Scan by CleanTalk is here to fortify your digital fortress and ensure it remains impervious to intrusion.

      In WordPress security, the login form is both essential and vulnerable. Hackers target it with relentless brute force attacks, exploiting weaknesses in passwords and outdated software. Once inside, they wreak havoc, defacing sites or stealing sensitive data. However, with measures like two-factor authentication and regular updates, we can strengthen our defenses and keep our digital kingdoms safe from harm.

      Enhance Your Security: Key Features

      • Security Firewall: Guard Your Gates

      “Build a sturdy wall around your website! CleanTalk’s Security Firewall filters out malicious IPs and halts DDoS attacks, safeguarding your WordPress site from harm.”

      • Malware Scanner: Detect and Remove Threats

      Hunt down hidden dangers! CleanTalk’s vigilant scanner identifies and eliminates malware, ensuring your WordPress files stay clean and your site stays secure.

      • Brute Force Protection: Keep Intruders Out

      “Block unwanted guests from your site! CleanTalk’s Brute Force Protection plugin limits login attempts and adds delays on failed logins, effectively thwarting brute force attacks.

      • Two-Factor Authentication: Double Up on Security

      Add an extra layer of protection! CleanTalk’s Two-Factor Authentication ensures that only authorized users gain access to your WordPress domain, boosting security for your peace of mind.

      • Custom wp-login URL: Hide Your Entry Point

      Keep your login page under wraps! CleanTalk lets you customize your login URL, confusing automated login attempts and safeguarding against unauthorized access.

      Secure Your WordPress Stronghold

      With over 20,000 active installations and nearly a perfect 5-star rating on WordPress.org, Security & Malware Scan by CleanTalk stands as a trusted guardian in the realm of WordPress security. Its widespread adoption and high user satisfaction attest to its effectiveness in fortifying websites against cyber threats. From thwarting brute force attacks to detecting and eliminating malware, Security & Malware Scan by CleanTalk offers a comprehensive suite of features to keep your WordPress site safe and secure. 

      Don’t overlook the critical need to fortify your digital defenses. Stay informed with CleanTalk Research, your indispensable source for real-time alerts on plugin vulnerabilities and PSC plugin security certificates. Subscribe to our Telegram channel and stay one step ahead of cyber threats. Learn more: Subscribe to CleanTalk Research

      Choose Security & Malware scan by CleanTalk and protect your WordPress kingdom with ease and efficiency. Your digital fortress awaits its impenetrable shield!

    • Magento 2 Security Extension Released

      Magento 2 Security Extension Released

      Good news for website owners on Magento 2.0 or newer. We have updated our UniForce extension, and now it works with Magento 2.X.

       

      What exactly the extension does

      UniForce is an extension that can be installed on any PHP site, CMS, or framework. We also call Uniforce a Universal security plugin for every CMS.

      • Malware scanning
        One-time and daily automatic tests for existing Malware and viruses among the site’s files.

      • Firewall
        Firewall – uses a database of IP addresses of those who attempt to hack sites, personal IP lists, networks, and countries. These lists forbid visiting the site, which means you can’t get to the site from these IPs.

      • XSS, SQL, and exploit-based attacks
        Protect a website from exploit attacks, XSS attacks, and SQL injections.

      • Brute-force protection
        Protect a website from password guessing (brute-force).

       

      How to install UniForce on Magento 2.0 or newer

      We have prepared a detailed 8-step instruction for you on how to install UniForce on your Magento site.

    • We have added a new feature to Security Protection – File System Watcher

      We have added a new feature to Security Protection – File System Watcher

      Introducing File System Watcher, a new feature of our Security protection. It helps to track changes in your site files to detect suspicious ones in time. File System Watcher has already been added to all plans and is enabled by default.

       

      How the feature works

      The feature takes a snapshot of the file system during a selected period and allows you to monitor which files on your site have been modified between selected dates. The snapshots are stored for 7 days.

      You can control the frequency of snapshots in the plugin settings. Alternatively, you can run the snapshot immediately by clicking the Create File System snapshot button and refreshing the page.

       

      How to use the feature and see results

      1. Go to your WordPress site dashboard and go to SettingsSecurity by CleanTalkFile System Watcher.

      2. Select the dates you want to compare and click the Compare button.

      3. Click the View link and you will see the code for the modified version of the specified file.

      To use this feature you have to have a Security & Malware scan plugin installed to your WordPress. Feel free to download it in WordPress catalog.

    • Cleantalk Plugins Added to the AMP Websites Catalog for WordPress

      Cleantalk Plugins Added to the AMP Websites Catalog for WordPress

      Since our Anti-Spam and Security plugins are fully AMP-compatible, they are now available from the plugin catalog on the amp-wp.org website, where all the most popular AMP-compatible plugins and themes for WordPress are collected.

      How this benefits you from using AMP

      Using AMP (Accelerated Mobile Pages) for a WordPress website can offer several advantages, including:

      Faster loading times
      AMP pages are designed to load quickly on mobile devices, which can improve user experience and reduce bounce rates.      		Improved mobile performance
      AMP pages are optimized for mobile devices, ensuring a smooth and responsive experience for users.
      Higher search engine rankings
      Google prioritizes AMP pages in search results, which can lead to better visibility and higher rankings for your WordPress website.      		Better user engagement
      Faster loading times and a smoother browsing experience can lead to increased user engagement and higher conversion rates.
      Reduced bounce rates
      With faster loading times and improved performance, AMP pages are less likely to experience high bounce rates, keeping visitors on your website longer.      		Cost-effective solution
      Implementing AMP on your WordPress website is a cost-effective way to improve mobile performance and user experience without investing in expensive development solutions.
    • Why Even the Best Free Malware Removal Tools Can’t Cure Your Website Completely

      Why Even the Best Free Malware Removal Tools Can’t Cure Your Website Completely

      If your website was developed using one of the popular CMS like WordPress or others, there are various security plugins for them, which provide permanent protection from malware. But what to do if your site is unprotected and you suspect that it has been infected? Let’s find out together.

       

      6 signs that your website may be infected

      First of all, let’s break down when it’s really time for you to think about cleaning your site of malware.

      1. Unusual activity in Server logs
        Server logs contain access logs that display the users who have recently accessed your website.

      2. Your website is slow
        Hackers deploy DoS attacks to overload your server resources, thus impacting your website speed and performance.

      3. Emails ending in the Spam folder
        This happens when your web server is infected with malware. As a result, email servers categorize your emails as “spam”.

      4. Pop-up and Spam Ads
        Usually happens when you have installed an insecure plugin or theme. Hackers earn money when visitor clicks on them.

      5. Modified website files
        To insert backdoors and other malicious code in your site, hackers often modify your website core files.

      6. Website being redirected
        Hackers often deploy cross-site scripting (or XSS) attacks to send your website traffic to unsolicited websites.

      What is a manual malware removal

      During a manual malware removal, a dedicated cybersecurity specialist is assigned to your site to work on your site from start to complete site cleanup.

      Step 1: Clean up the bad stuff
      Using SSH and admin access, the specialist reaches your website hosting and gets rid of all viruses, malware, malicious code, and bad links on your website.

      Step 2: Restore the site from backup
      In case you have a backup he restores the site from backup. Otherwise, he works with the site’s current version.

      Step 3: Protect it from future infections
      The specialist installs a permanent Security protection plugin to avoid infecting in the future.

       

      Reasons to use manual malware removal instead of automatic

      Sometimes automatic solutions can be enough to find the most known viruses and malware and often are low cost or free.

      Automatic free malware removal tools can be effective at identifying and removing known malware from a website, but there are several reasons why they may not completely cure a website of all security threats.

      • Over-insurance and possible data loss
        The problem is that they often over-insure and accept your files as bad ones, causing large file and data losses during automatic site cures. A specialist can always distinguish your files from malicious ones even if it’s a custom code.

      • Evolving Malware
        Malware is constantly evolving, with new variants and techniques being developed by cybercriminals. Automatic tools may not always be able to keep up with the latest malware threats.

      • Hidden Malware
        Some malware is designed to be stealthy and can hide in obscure locations within a website’s code or files. Automatic tools may not always detect these hidden threats.

      • False Positives
        Automatic tools may sometimes flag legitimate code or files as malware, leading to false positives. This can result in the removal of essential components of the website, causing functionality issues.

      • Complex Infections
        In some cases, websites may be infected with complex malware that requires manual intervention to fully eradicate. Automatic tools may not have the capability to address these intricate infections effectively.

      • Vulnerability Patching
        While malware removal tools can remove existing infections, they may not address the underlying vulnerabilities that allowed the malware to compromise the website in the first place. It’s essential to also address security vulnerabilities and implement robust security measures to prevent future infections.

      • Human Expertise
        Manual inspection and intervention by cybersecurity experts are often necessary to thoroughly assess the extent of an infection, identify potential backdoors, and ensure that the website is fully secure.

      In conclusion, while automatic malware removal tools are valuable for initial detection and removal of known threats, they may not be sufficient to completely cure a website of all security issues. Manual inspection, ongoing security measures, and expert intervention are often necessary to ensure comprehensive protection against malware and other security threats.

       

      Why it is profitable for you to use CleanTalk malware removal

      100% refund in case of unsuccessful
      We will manually clean your site from viruses and malware or refund your money.      		10+ years fighting malware
      of fighting malware and spam all over the Internet. We are aware of all the dangers that can threaten your website and how to deal with them.

      30-day support
      Free 30-day help with reinfection. As a guarantee of our work we continue to be with you and will get back to work if needed.

      		50+ CVE reports published
      And we continue to share found vulnerabilities in our blog.
      10 000+ active users
      A lot of loyal users that trust our experience and use our Security protection.      		1 year of free Security Plugin
      Order your Malware Removal now and get 1 year of free Security plugin.

      Clean your site from malware today

      And get CleanTalk Security Plugin for 1 year for FREE

      ORDER MALWARE REMOVAL