We’ve added to Security by CleanTalk support of WP CLI commands. The list of commands,
Full guide with examples is here https://cleantalk.org/help/security-wp-cli
It works on plugins starting version 2.156 which has been released on May 19, 2025.
Have questions? Please drop us a message in the comment form down below.
The update strengthens our commitment to proactive cybersecurity, reducing infection persistence and ensuring a higher success rate in malware remediation.
There was a security vulnerability, that was discovered in both Anti-Spam (versions <= 6.43.2) and Security & Malware scan (versions <= 2.145). The vulnerability was relevant to some users, who had created an account, but hadn’t inputed the Access Key. The vulnerability was discovered, but wasn’t exploited.
We’ve taken immediate action to address this issue and fixed all the vulnerabilities. The only thing you need to do is to ensure, that you use an up-to-date version of the plugin.
To protect your website, please update the plugins to the latest version as soon as possible. This update will ensure that your website is secured against the vulnerability.
We apologize for any inconvenience this may cause. Your security is our top priority, and we appreciate your prompt attention to this matter.
If you have any questions or concerns, please don’t hesitate to drop a comment below or create a private ticket.
The CleanTalk Research Team identified a critical Stored XSS (Cross-Site Scripting) vulnerability in the WP SEOPress plugin, version 7.7.1. This flaw can be exploited by attackers with contributor privileges to create new admin accounts, potentially granting them full control of your WordPress website.
Stored XSS vulnerabilities allow attackers to inject malicious scripts directly into your website’s database. These scripts are then executed whenever someone views the compromised content. Unlike reflected XSS, user interaction isn’t required to trigger the attack, making it particularly dangerous.
An attacker with contributor privileges can exploit this vulnerability by injecting malicious JavaScript code into the “SEO Title” field while creating a new post. This code can then be used to create a new admin account, granting them complete control over your website.
Through continuous vulnerability discovery and disclosure, we empower website owners and developers to take preventative measures. We believe that by working together, we can create a robust and secure WordPress ecosystem for everyone.
Stay vigilant. Stay secure.
Attention WordPress website owners! We’re excited to announce that the CleanTalk Security Plugin now effectively addresses a well-known vulnerability involving the WordPress.com API.
This vulnerability, previously discussed here, allowed unauthorized actors to potentially trace administrator usernames through a public API endpoint. While disabling the REST API entirely would be ideal, it wasn’t always a viable option for many websites.
We understand the critical nature of this vulnerability and the potential security risks it poses. Our development team has been working diligently to implement a comprehensive solution within the CleanTalk Security Plugin.
This update delivers:
We at CleanTalk are dedicated to providing the best possible security for your WordPress website. We continuously refine our plugin to address both emerging and long-standing vulnerabilities.
For further information on CleanTalk Security and its capabilities, please refer to the plugin’s documentation.
This revised announcement emphasizes the team’s effort in resolving a known issue and highlights the broader security benefits of the CleanTalk Security Plugin.
The CleanTalk Security plugin now offers built-in plugin vulnerability checks, empowering you to safeguard your WordPress website proactively. Just a friendly reminder if you haven’t try it till now: feel free to pick up the plugin and install it according to these instructions.
While plugins add valuable functionality, they can also introduce security risks if vulnerabilities exist. To address this, CleanTalk regularly scans popular plugins and integrates the findings directly into the Security plugin.
Here’s how it benefits you:
This integration strengthens your WordPress security by informing you about potential threats and allowing you to take immediate action.
Stay Updated, Stay Secure!
The CleanTalk Security plugin continues to evolve, offering comprehensive security solutions for your WordPress site. Remember to update the plugin to benefit from the latest features and vulnerability checks.
During routine plugin testing, we discovered a critical security vulnerability in the Shortcodes Ultimate plugin for WordPress which has 600,000+ installations. This plugin, widely used for adding powerful shortcodes to enhance website functionality, is currently vulnerable to a severe security flaw that could potentially allow attackers to exploit and gain unauthorized access to your WordPress site.
The exploit allows contributors to embed malware JavaScript code into new posts via shortcode, subsequently facilitating admin account creation. By exploiting this flaw, attackers can gain unauthorized access and wreak havoc on websites.
Vulnerability detailed CVE on WPScan: https://wpscan.com/vulnerability/9eef8b29-2c62-4daa-ae90-467ff9be18d8.
Don’t rush to delete the plugin. To mitigate the risk you should just update your Shortcodes Ultimate plugin to the latest version. Additionally, implementing robust security measures, such as regular vulnerability assessments and user role restrictions, can fortify defenses against XSS attacks.
In the vast world of the internet, your WordPress site faces constant threats from brute force attacks. But worry not! Security & Malware Scan by CleanTalk is here to fortify your digital fortress and ensure it remains impervious to intrusion.
In WordPress security, the login form is both essential and vulnerable. Hackers target it with relentless brute force attacks, exploiting weaknesses in passwords and outdated software. Once inside, they wreak havoc, defacing sites or stealing sensitive data. However, with measures like two-factor authentication and regular updates, we can strengthen our defenses and keep our digital kingdoms safe from harm.
“Build a sturdy wall around your website! CleanTalk’s Security Firewall filters out malicious IPs and halts DDoS attacks, safeguarding your WordPress site from harm.”
Hunt down hidden dangers! CleanTalk’s vigilant scanner identifies and eliminates malware, ensuring your WordPress files stay clean and your site stays secure.
“Block unwanted guests from your site! CleanTalk’s Brute Force Protection plugin limits login attempts and adds delays on failed logins, effectively thwarting brute force attacks.
Add an extra layer of protection! CleanTalk’s Two-Factor Authentication ensures that only authorized users gain access to your WordPress domain, boosting security for your peace of mind.
Keep your login page under wraps! CleanTalk lets you customize your login URL, confusing automated login attempts and safeguarding against unauthorized access.
With over 20,000 active installations and nearly a perfect 5-star rating on WordPress.org, Security & Malware Scan by CleanTalk stands as a trusted guardian in the realm of WordPress security. Its widespread adoption and high user satisfaction attest to its effectiveness in fortifying websites against cyber threats. From thwarting brute force attacks to detecting and eliminating malware, Security & Malware Scan by CleanTalk offers a comprehensive suite of features to keep your WordPress site safe and secure.
Don’t overlook the critical need to fortify your digital defenses. Stay informed with CleanTalk Research, your indispensable source for real-time alerts on plugin vulnerabilities and PSC plugin security certificates. Subscribe to our Telegram channel and stay one step ahead of cyber threats. Learn more: Subscribe to CleanTalk Research
Choose Security & Malware scan by CleanTalk and protect your WordPress kingdom with ease and efficiency. Your digital fortress awaits its impenetrable shield!
Good news for website owners on Magento 2.0 or newer. We have updated our UniForce extension, and now it works with Magento 2.X.
UniForce is an extension that can be installed on any PHP site, CMS, or framework. We also call Uniforce a Universal security plugin for every CMS.
We have prepared a detailed 8-step instruction for you on how to install UniForce on your Magento site.
Introducing File System Watcher, a new feature of our Security protection. It helps to track changes in your site files to detect suspicious ones in time. File System Watcher has already been added to all plans and is enabled by default.
The feature takes a snapshot of the file system during a selected period and allows you to monitor which files on your site have been modified between selected dates. The snapshots are stored for 7 days.
You can control the frequency of snapshots in the plugin settings. Alternatively, you can run the snapshot immediately by clicking the Create File System snapshot button and refreshing the page.
1. Go to your WordPress site dashboard and go to Settings → Security by CleanTalk → File System Watcher.
2. Select the dates you want to compare and click the Compare button.
3. Click the View link and you will see the code for the modified version of the specified file.
To use this feature you have to have a Security & Malware scan plugin installed to your WordPress. Feel free to download it in WordPress catalog.
