Welcome to BlogSafe.org

BlogSafe.org is a WordPress security research and plugin development group. Our goal is to provide fast and reliable security tools to the WordPress community. We are currently striving toward non-profit status. Your contribution toward our premium plugins will help us achieve that goal.

BlogSafe Scanner Plus is a WordPress plugin that’s designed to be an extremely fast and lightweight checksum scanner that will help you detect potentially malicious files.

Read more about it here!

While most WordPress plugins that track user stats are designed to see where traffic on your website is going. BlogSafe Honeypot tracks where visitors WANT to go.

Read more about it here!

LoginSafe is both a captcha plugin and a captcha server. Designed to work with the WordPress login, it adds another layer of security to WordPress Sites.

Read more about it here!

Recent WordPress Vulnerabilities



Comments Like Dislike

The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user...




The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was...



Fancy Product Designer

The Fancy Product Designer WordPress plugin before 4.6.9 allows unauthenticated attackers to upload arbitrary files, resulting in remote code execution.



Sp Project & Document Manager

The SP Project & Document Manager WordPress plugin before 4.22 allows users to upload files, however, the plugin attempts to prevent php and other similar files that could be executed on the server...



Include Me

The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore...



Woocommerce Payment Gateway Per Category

The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file...