Blog Posts

Unauthenticated XSS Vulnerability Patched in Slider Revolution Plugin

Published on May 28, 2024

Slider Revolution came to us with a request to audit their product for potential vulnerabilities since they wanted to make sure that their users’ websites were not vulnerable to an attack. This blog post discusses our audit findings, which we have been authorized to publicize. If you’re a Slider Revolution user, please update the plugin […]


Critical Vulnerability Patched in UserPro Plugin

Published on May 22, 2024

This blog post is about the UserPro plugin vulnerabilities. If you’re a UserPro user, please update the plugin to at least version 5.1.9. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the UserPro Plugin The plugin UserPro (premium version), which has over 20,000 sales, is […]


Interview with Mat Rollings AKA stealthcopter

Published on May 21, 2024

Today we present an interview with one of our most active community members – Mat Rollings. He’s an experienced developer turned application security ‘expert.’ He loves reviewing code and breaking things, making bug bounty hunting his dream job. In April, he was our top WordPress security researcher and earned a $1553 bounty reward. Why did […]


Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF

Published on May 17, 2024

This is a blog post about research of an additional vulnerability scenario of the root cause that led to the publicly known WordPress Core Blind SSRF. More affected components were found that may affect hundreds of plugins in the wild. WordPress core itself is not affected by this, but the plugins that are using the […]


Critical Vulnerabilities Found in XStore Theme and Plugin

Published on May 14, 2024

This blog post is about the XStore theme and plugin vulnerabilities. If you’re an XStore user, please update the theme to at least version 9.3.9 and the plugin to at least version 5.3.9. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the XStore Theme and […]


High Priority Vulnerabilities Patched in Uncode Core Plugin

Published on May 7, 2024

This blog post is about the Uncode Core plugin vulnerabilities. If you’re an Uncode user, please update the core plugin to at least version 2.8.9. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the Uncode Core Plugin The plugin Uncode Core (premium version) is a […]


The 12 Best WordPress Form Plugins (Ranked by Quality & Security)

Published on April 19, 2024

Forms are essential for any website that needs to collect information from visitors, whether it’s for lead generation, feedback, surveys, quizzes, or payments. But with so many WordPress form plugins available, how do you know which one is right for your needs? In this article, we compare and review some of the most popular and […]


WordPress File Permissions – The Complete Guide

Published on April 15, 2024

If you’re a WordPress user, then you may already know that WordPress needs certain file permissions to function properly, such as reading, writing, and executing files. If you misconfigure these permissions, it could put your site at risk. In this post, you’ll learn all about WordPress file permissions, and how you can change them to […]
