Unpatched Account Takeover Vulnerability in PayU CommercePro Plugin
The TI WooCommerce Wishlist plugin, with over 100,000 active installs, is vulnerable to an unauthenticated file upload vulnerability (CVE-2025-47577).
Today, we are super excited to launch the new version of the Patchstack mVDP platform, which now comes with an AI-based code review tool, team management features and a discussion board that helps plugin developers improve their code faster. With more and more software being generated by AI, we are witnessing a significant increase in […]
“Traditional hosting wasn’t built for the dynamic WordPress of today. It’s time we engineered solutions specifically for them.” WordPress has come a long way from blogs and brochure sites. Today, it powers e-learning platforms, communities, and complex e-commerce stores. But while these use cases have evolved, most hosting hasn’t kept up. We spoke with Wes […]
The saying may be to “Move fast and break things,” but Rapyd Cloud’s managed website hosting team knows that doesn’t have to be the case. As a provider offering hyperspeed performance, Rapyd Cloud’s customers run complex WordPress sites with numerous dynamic plugins. They know it’s important to maintain plugins, but the process is never fast. […]
The vulnerability in the Eventin plugin was originally reported by Patchstack Alliance community member Denver Jackson to the Patchstack Zero Day bug bounty program for WordPress. The Patchstack Zero Day program has awarded the researcher $600 USD in cash. If you wish to participate in the program, you can join the community here. This blog […]
If you work in a hosting company, you know the drill. A critical WordPress vulnerability gets disclosed, and within hours, your support team is flooded with tickets. Clients panic. Sites go down. Your team scrambles to clean up the mess. It’s exhausting. It’s expensive. And it’s completely avoidable. In a recent case study, a global […]
Today, we present an interview with Denver Jackson. He’s a full-stack developer originally from the UK, now living in Thailand for the past 10 years. He’s a passionate security researcher who loves coding and exploring how things work. In his free time, he watches Arsenal, runs a 60k-subscriber YouTube channel for live watch-along reactions, and […]
When you’re managing over 50,000 domains, proactively solving users’ security pain points can be a real differentiator. That was the mindset of Veebimajutus, a regional hosting leader in the Baltics, trusted by B2C businesses to keep their sites fast, available, and secure. As WordPress plugin vulnerabilities started affecting customer sites, they faced a tough challenge: […]
Update: We have observed attackers begin attempting to exploit this vulnerability 1 hour and 31 minutes after disclosure. See Exploitation in the Wild for more information. The vulnerability in the OttoKit plugin was originally reported by Patchstack Alliance community member Denver Jackson to the Patchstack Zero Day bug bounty program for WordPress. The Patchstack […]