Login Security, FireWall, Malware removal by CleanTalk Security & Risk Analysis

wordpress.org/plugins/security-malware-firewall

Brute force, Login security & Two Factor Auth (2FA). Limit login. Malware & Vulnerabilities scan. FireWall. Enterprise ready security plugin.

30K active installs · v2.174 · PHP 7.2+ · WP 5.0+ · Updated Mar 2, 2026
Tags: firewall, login, malware, security, waf
Score: 86 (A · Safe)
CVEs total: 5
Unpatched: 0
Last CVE: Dec 8, 2025
Safety Verdict

Is Login Security, FireWall, Malware removal by CleanTalk Safe to Use in 2026?

Generally Safe

Score 86/100

Login Security, FireWall, Malware removal by CleanTalk has a strong security track record. Known vulnerabilities have been patched promptly.

5 known CVEs · Last CVE: Dec 8, 2025 · Updated 1mo ago
Risk Assessment

The security-malware-firewall plugin, version 2.174, presents a mixed security posture. It shows some positive practices, such as a high percentage of SQL queries using prepared statements and a reasonable number of capability checks, but significant concerns remain. The attack surface is large: of 66 AJAX handlers, 48 lack authentication checks, which exposes a significant portion of the plugin's functionality to potential unauthorized access and manipulation. Only 29% of outputs are properly escaped, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities. The taint analysis, although limited in scope to 8 flows, found 4 with unsanitized paths, which raises the possibility of injection vulnerabilities.

Key Concerns

  • High number of AJAX handlers without auth checks
  • Low percentage of properly escaped output
  • Taint analysis shows unsanitized paths
  • Numerous past vulnerabilities with critical/high severity
  • History of 'Missing Authorization' vulnerabilities
  • History of 'Cross-site Scripting' vulnerabilities
  • History of 'SQL Injection' vulnerabilities
Vulnerabilities
5

Login Security, FireWall, Malware removal by CleanTalk Security Vulnerabilities

CVEs by Year

2020: 1 CVE
2023: 1 CVE
2024: 1 CVE
2025: 2 CVEs

Severity Breakdown

Critical: 1
High: 3
Medium: 1

5 total CVEs

CVE-2025-13604 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Login Security, FireWall, Malware removal by CleanTalk <= 2.168 - Unauthenticated Stored Cross-Site Scripting via Page URL

Dec 8, 2025 · Patched in 2.169 (1d)

CVE-2024-13365 · critical · 9.8 · Unrestricted Upload of File with Dangerous Type

Security & Malware scan by CleanTalk <= 2.149 - Unauthenticated Arbitrary File Upload

Feb 11, 2025 · Patched in 2.150 (1d)

CVE-2024-10570 · high · 7.5 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Security & Malware scan by CleanTalk <= 2.145 - Authorization Bypass via Reverse DNS Spoofing to Unauthenticated SQL Injection

Nov 25, 2024 · Patched in 2.145.1 (1d)

CVE-2023-5239 · medium · 5.3 · Use of Less Trusted Source

Security & Malware scan by CleanTalk <= 2.120 - IP Spoofing to Protection Mechanism Bypass

Nov 6, 2023 · Patched in 2.121 (78d)

CVE-2020-36698 · high · 8.8 · Missing Authorization

Security & Malware scan by CleanTalk <= 2.50 - Missing Authorization

Jul 6, 2020 · Patched in 2.51 (1296d)

Code Analysis
Analyzed Mar 16, 2026

Login Security, FireWall, Malware removal by CleanTalk Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 7 (43 prepared)
Unescaped Output: 146 (60 escaped)
Nonce Checks: 2
Capability Checks: 10
File Operations: 27
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

86% prepared · 50 total queries

Output Escaping

29% escaped · 206 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

8 flows · 4 with unsanitized paths
spbc_passleak_change_password_form (inc\spbc-auth.php:542)
Attack Surface
48 unprotected

Login Security, FireWall, Malware removal by CleanTalk Attack Surface

Entry Points: 67
Unprotected: 48

AJAX Handlers 66

auth wp_ajax_spbc_get_authorized_admins inc\spbc-admin.php:80
auth wp_ajax_spbc_show_more_security_logs inc\spbc-admin.php:83
auth wp_ajax_spbc_show_hostname_security_logs inc\spbc-admin.php:84
auth wp_ajax_spbc_show_more_security_firewall_logs inc\spbc-admin.php:85
auth wp_ajax_spbc_tc__filter_ip inc\spbc-admin.php:86
auth wp_ajax_spbc_scanner_controller_front inc\spbc-admin.php:89
auth wp_ajax_spbc_scanner_load_more_scan_logs inc\spbc-admin.php:90
auth wp_ajax_spbc_scanner_save_to_pdf inc\spbc-admin.php:91
auth wp_ajax_spbc_scanner_get_pdf_file_name inc\spbc-admin.php:92
auth wp_ajax_spbc_scanner_clear inc\spbc-admin.php:93
auth wp_ajax_spbc_scanner__last_scan_info inc\spbc-admin.php:94
auth wp_ajax_spbc_scanner_file_send inc\spbc-admin.php:97
auth wp_ajax_spbc_scanner_file_delete inc\spbc-admin.php:98
auth wp_ajax_spbc_scanner_file_approve inc\spbc-admin.php:99
auth wp_ajax_spbc_scanner_file_view inc\spbc-admin.php:100
auth wp_ajax_spbc_scanner_page_view inc\spbc-admin.php:101
auth wp_ajax_spbc_scanner_file_replace inc\spbc-admin.php:102
auth wp_ajax_spbc_scanner_file_check_analysis_status inc\spbc-admin.php:103
auth wp_ajax_spbc_scanner_analysis_log_delete_from_log inc\spbc-admin.php:104
auth wp_ajax_spbc_file_cure_ajax_action inc\spbc-admin.php:105
auth wp_ajax_spbc_restore_file_from_backup_ajax_action inc\spbc-admin.php:106
auth wp_ajax_spbc_settings__draw_elements inc\spbc-admin.php:109
auth wp_ajax_spbc_scanner_tab__reload_accordion inc\spbc-admin.php:110
auth wp_ajax_spbct_get_tab_data inc\spbc-admin.php:113
auth wp_ajax_spbc_tbl-action--bulk inc\spbc-admin.php:116
auth wp_ajax_spbc_tbl-action--row inc\spbc-admin.php:117
auth wp_ajax_spbc_tbl-pagination inc\spbc-admin.php:118
auth wp_ajax_spbc_tbl-sort inc\spbc-admin.php:119
auth wp_ajax_spbc_tbl-switch inc\spbc-admin.php:120
auth wp_ajax_spbc_cure_selected inc\spbc-admin.php:121
auth wp_ajax_spbc_restore_selected inc\spbc-admin.php:122
auth wp_ajax_spbc_restore_from_quarantine inc\spbc-admin.php:123
auth wp_ajax_spbc_send_traffic_control inc\spbc-admin.php:126
auth wp_ajax_spbc_send_security_log inc\spbc-admin.php:127
auth wp_ajax_spbc_check_file_block inc\spbc-admin.php:130
auth wp_ajax_spbc_rollback inc\spbc-admin.php:133
auth wp_ajax_spbc_backup__delete inc\spbc-admin.php:134
auth wp_ajax_spbc_settings__get_description inc\spbc-admin.php:137
auth wp_ajax_spbc_settings__get_recommendation inc\spbc-admin.php:138
auth wp_ajax_spbc_settings__check_renew_banner inc\spbc-admin.php:139
auth wp_ajax_spbc_sync inc\spbc-admin.php:140
auth wp_ajax_spbc_get_key_auto inc\spbc-admin.php:141
auth wp_ajax_spbc_update_account_email inc\spbc-admin.php:142
auth wp_ajax_spbc_create_support_user inc\spbc-admin.php:143
auth wp_ajax_spbc_generate_confirmation_code inc\spbc-admin.php:146
auth wp_ajax_spbc_check_confirmation_code inc\spbc-admin.php:147
auth wp_ajax_spbc_private_list_add inc\spbc-admin.php:150
auth wp_ajax_spbc_change_role_template inc\spbc-admin.php:153
auth wp_ajax_spbc_change_role inc\spbc-admin.php:154
auth wp_ajax_spbc_check_pass_leak inc\spbc-admin.php:198
auth wp_ajax_spbc_check_vulnerability_list inc\spbc-admin.php:383
auth wp_ajax_spbc_check_vulnerability_install inc\spbc-admin.php:434
auth wp_ajax_spbc_action_shuffle_salts inc\spbc-admin.php:811
auth wp_ajax_spbc_action_adjust_change inc\spbc-admin.php:856
auth wp_ajax_spbc_action_adjust_reverse inc\spbc-admin.php:872
auth wp_ajax_spbc_get_2fa_app_qr_code inc\spbc-auth.php:53
auth wp_ajax_spbc_check_2fa_app_code inc\spbc-auth.php:54
auth wp_ajax_spbc_disable_2fa_app inc\spbc-auth.php:55
auth wp_ajax_spbc_analysyis_files_stats__get_html inc\spbc-settings.php:3158
auth wp_ajax_spbc_get_role_capabilities inc\spbc-settings.php:6149
auth wp_ajax_spbc_react_access_key_check inc\spbct-sync-react.php:11
auth wp_ajax_spbc_react_secfw_update_init inc\spbct-sync-react.php:12
auth wp_ajax_spbc_react_settings_exclusions inc\spbct-sync-react.php:13
auth wp_ajax_spbc_react_run_ajusting_env inc\spbct-sync-react.php:14
auth wp_ajax_spbc_react_signatures_update inc\spbct-sync-react.php:15
auth wp_ajax_spbc_react_run_vulnerability_check inc\spbct-sync-react.php:16

Shortcodes 1

[cleantalk_security_affiliate_link] security-malware-firewall.php:606

WordPress Hooks 67

action admin_bar_menu inc\spbc-admin.php:66
action cleantalk_admin_bar__parent_node__before inc\spbc-admin.php:69
action cleantalk_admin_bar__add_icon_to_parent_node inc\spbc-admin.php:70
filter cleantalk_admin_bar__parent_node__after inc\spbc-admin.php:71
filter admin_bar_menu inc\spbc-admin.php:73
filter admin_bar_menu inc\spbc-admin.php:75
filter manage_users_columns inc\spbc-admin.php:197
action after_plugin_row inc\spbc-admin.php:278
filter plugins_api_result inc\spbc-admin.php:300
filter plugin_row_meta inc\spbc-admin.php:301
filter plugin_install_action_links inc\spbc-admin.php:355
filter wp_prepare_themes_for_js inc\spbc-admin.php:418
filter upgrader_post_install inc\spbc-admin.php:478
filter authenticate inc\spbc-auth.php:20
action set_logged_in_cookie inc\spbc-auth.php:23
filter authenticate inc\spbc-auth.php:27
action delete_user inc\spbc-auth.php:28
action profile_update inc\spbc-auth.php:29
action login_form inc\spbc-auth.php:30
action login_form_login inc\spbc-auth.php:31
action login_errors inc\spbc-auth.php:34
action wp_logout inc\spbc-auth.php:35
action login_footer inc\spbc-auth.php:36
filter manage_users_columns inc\spbc-auth.php:38
filter manage_users-network_columns inc\spbc-auth.php:39
filter manage_users_custom_column inc\spbc-auth.php:40
action init inc\spbc-auth.php:44
action login_form_login inc\spbc-auth.php:46
action login_form inc\spbc-auth.php:47
action after_password_reset inc\spbc-auth.php:48
action show_user_profile inc\spbc-auth.php:50
action edit_user_profile inc\spbc-auth.php:51
filter safe_style_css inc\spbc-settings-summary-and-stats.php:336
action spbc_before_returning_settings inc\spbc-settings.php:5487
action spbc_before_returning_settings inc\spbc-settings.php:5498
action init security-malware-firewall.php:211
filter xmlrpc_enabled security-malware-firewall.php:235
filter rest_authentication_errors security-malware-firewall.php:240
filter rest_authentication_errors security-malware-firewall.php:257
action admin_head security-malware-firewall.php:378
action wp_head security-malware-firewall.php:379
action plugins_loaded security-malware-firewall.php:403
action wp_insert_post security-malware-firewall.php:406
action wp_insert_comment security-malware-firewall.php:407
action init security-malware-firewall.php:410
action login_enqueue_scripts security-malware-firewall.php:411
action wp_enqueue_scripts security-malware-firewall.php:414
action wp_footer security-malware-firewall.php:415
action init security-malware-firewall.php:426
filter script_loader_tag security-malware-firewall.php:432
action admin_init security-malware-firewall.php:433
action admin_init security-malware-firewall.php:434
action admin_menu security-malware-firewall.php:435
action network_admin_menu security-malware-firewall.php:436
action admin_enqueue_scripts security-malware-firewall.php:437
action wp_dashboard_setup security-malware-firewall.php:445
action wp_dashboard_setup security-malware-firewall.php:446
action admin_init security-malware-firewall.php:450
filter all_plugins security-malware-firewall.php:460
filter plugin_row_meta security-malware-firewall.php:461
action init security-malware-firewall.php:465
action ColumnCreator_before_drop_column_analysis_status security-malware-firewall.php:519
action ColumnCreator_before_change_column_event security-malware-firewall.php:520
action wp_enqueue_scripts security-malware-firewall.php:605
action init security-malware-firewall.php:1532
action plugins_loaded security-malware-firewall.php:1566
filter spbc_get_api_key_email security-malware-firewall.php:2135

Maintenance & Trust

Login Security, FireWall, Malware removal by CleanTalk Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Mar 2, 2026
PHP min version: 7.2
Downloads: 2.6M

Community Trust

Rating: 96/100
Number of ratings: 378
Active installs: 30K
Developer Profile

Login Security, FireWall, Malware removal by CleanTalk Developer Profile

CleanTalk Inc

5 plugins · 230K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 571 days
Detection Fingerprints

How We Detect Login Security, FireWall, Malware removal by CleanTalk

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/security-malware-firewall/src/css/spbc_admin.css
  • /wp-content/plugins/security-malware-firewall/src/css/spbc_frontend.css
  • /wp-content/plugins/security-malware-firewall/src/js/spbc_admin.js
  • /wp-content/plugins/security-malware-firewall/src/js/spbc_frontend.js
Script Paths
  • /wp-content/plugins/security-malware-firewall/src/js/spbc_admin.js
  • /wp-content/plugins/security-malware-firewall/src/js/spbc_frontend.js
Version Parameters
  • security-malware-firewall/src/css/spbc_admin.css?ver=
  • security-malware-firewall/src/css/spbc_frontend.css?ver=
  • security-malware-firewall/src/js/spbc_admin.js?ver=
  • security-malware-firewall/src/js/spbc_frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • spbc-admin-notice
  • spbc-stats
  • spbc-scan-results
  • spbc-logs-table
HTML Comments
  • <!-- SPBC: Settings -->
  • <!-- SPBC: Logs -->
  • <!-- SPBC: Scan Results -->
  • <!-- SPBC: Firewall -->
Data Attributes
  • data-spbc-scan-id
  • data-spbc-log-id
  • data-spbc-firewall-rule
JS Globals
  • window.spbc_admin_data
  • window.spbc_frontend_data
  • var spbc_vars
REST Endpoints
  • /wp-json/spbc/v1/scan
  • /wp-json/spbc/v1/logs
  • /wp-json/spbc/v1/settings
Shortcode Output
  • [spbc_firewall_message]
  • [spbc_scan_status]