Welcome to BlogSafe.org

BlogSafe.org is a WordPress security research and plugin development group. Our goal is to provide fast and reliable security tools to the WordPress community. We are currently striving toward non-profit status. Your contribution toward our premium plugins will help us achieve that goal.

BlogSafe Scanner Plus is a WordPress plugin that’s designed to be an extremely fast and lightweight checksum scanner that will help you detect potentially malicious files.

Read more about it here!

While most WordPress plugins that track user stats are designed to see where traffic on your website is going. BlogSafe Honeypot tracks where visitors WANT to go.

Read more about it here!

LoginSafe is both a captcha plugin and a captcha server. Designed to work with the WordPress login, it adds another layer of security to WordPress Sites.

Read more about it here!


Recent WordPress Vulnerabilities

04/2021

CVE-2021-24209

Wp Super Cache

The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache...

04/2021

CVE-2021-24187

Seo Redirection

The setting page of the SEO Redirection Plugin - 301 Redirect Manager WordPress plugin before 6.4 is vulnerable to reflected Cross-Site Scripting (XSS) as user input is not properly sanitised before...

04/2021

CVE-2021-24220

Voice

Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes...

04/2021

CVE-2021-29654

Ajaxsearchpro

AjaxSearchPro before 4.20.8 allows Deserialization of Untrusted Data (in the import database feature of the administration panel), leading to Remote Code execution.

04/2021

CVE-2021-24225

Advanced Booking Calendar

The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue

04/2021

CVE-2021-24215

Controlled Admin Access

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress plugin before 1.5.2. Uncontrolled access to the website customization functionality and global CMS...