The CleanTalk Research Team identified a critical Stored XSS (Cross-Site Scripting) vulnerability in the WP SEOPress plugin, version 7.7.1. This flaw can be exploited by attackers with contributor privileges to create new admin accounts, potentially granting them full control of
Mitigating WordPress.com API Vulnerability
Attention WordPress website owners! We’re excited to announce that the CleanTalk Security Plugin now effectively addresses a well-known vulnerability involving the WordPress.com API. This vulnerability, previously discussed here, allowed unauthorized actors to potentially trace administrator usernames through a public API
Strengthen Your WordPress Security with Built-in Vulnerability Checks by CleanTalk
The CleanTalk Security plugin now offers built-in plugin vulnerability checks, empowering you to safeguard your WordPress website proactively. Just a friendly reminder if you haven’t tried it yet: feel free to pick up the plugin and install it according
Critical Security Vulnerability in Shortcodes Ultimate Plugin for WordPress
During routine plugin testing, we discovered a critical security vulnerability in the Shortcodes Ultimate plugin for WordPress, which has 600,000+ installations. This plugin, widely used for adding powerful shortcodes to enhance website functionality, is currently vulnerable to a severe security
Why Even the Best Free Malware Removal Tools Can’t Cure Your Website Completely
If your website was developed using a popular CMS such as WordPress, there are various security plugins that provide permanent protection from malware. But what should you do if your site is unprotected and you suspect
Discovering IP Address Information with IP Info Tools
When it comes to understanding the activity and location of an IP address, there are various tools available that provide valuable information. CleanTalk IP Tools allows users to gather details about an IP address, including its geographical location, DNS name,
Fraud Prevention: How CleanTalk Can Help Identify and Prevent Fraud Attacks
Fraud attacks have become increasingly prevalent, posing a serious threat to businesses and individuals alike. These attacks involve the use of deceptive tactics to gain unauthorized access to sensitive information or financial resources. Fraudsters often utilize various means such as
We Have Reset 178 Passwords That Might Have Been Compromised
While monitoring exposed password databases we found a leaked database that contained 178 compromised credentials of CleanTalk users among other data. These emails/passwords were compromised some time ago and after that were used to create a CleanTalk account by their
CVE-2023-4795 – Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS
While evaluating the plugin, we uncovered a vulnerability that permits a user with the contributor role to execute Stored Cross-Site Scripting (XSS). This vulnerability is exploited by inserting a shortcode into a newly created post, potentially resulting in an account
CVE-2023-4725 – Simple Posts Ticker < 1.1.6 - Admin+ Stored XSS
During testing, a vulnerability was found that allows Stored XSS to be placed, by changing the plugin settings, on all pages where the plugin is mentioned. This vulnerability is exploitable with administrator privileges and allows you to