Published on April 15, 2024
According to a report by Imperva Threat Research, bots accounted for 47% of all web traffic in 2022, with 27.7% of them being identified as malicious. That means that one in four visitors to your site could be a hacker, a spammer, or a scraper, trying to steal your data, spam your comments, or copy […]
Published on April 4, 2024
Updates since April 4, 2024 This blog post is about an unpatched Remote Code Execution (RCE) vulnerability discovered in Oxygen and Breakdance builder. At the time of publication of this security advisory article, there is still no patch available on the latest version of the affected components. We hope that the developer will be implementing […]
Published on April 3, 2024
This blog post is about the REHub theme and plugin vulnerabilities. If you’re a REHub user, please update the plugin to at least version 19.6.2 on both the theme and the plugin. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the REHub Theme and Plugin […]
Published on March 19, 2024
This blog post is about the Automatic plugin vulnerabilities. If you’re an Automatic user, please update the plugin to at least version 3.92.1. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the Automatic Plugin The plugin Automatic (premium version), which is estimated to have over […]
Published on March 12, 2024
The vulnerability in the GOTMLS plugin was originally reported by stealthcopter to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about the GOTMLS plugin vulnerability. If you’re a GOTMLS user, please update the plugin to at least […]
Published on February 27, 2024
This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update the plugin to at least version 5.7.0.1. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the LiteSpeed Cache Plugin The plugin LiteSpeed Cache (free version), which has over 4 […]
Published on February 26, 2024
What is XML-RPC, and why should you be concerned with disabling it in WordPress? There’s a price to be paid for popularity. While WordPress’s phenomenal rise in popularity has resulted in 810 million websites being built with it, and a staggering 43% of all websites powered by it, security can be a justifiable concern. After […]
Published on February 21, 2024
When we talk about WordPress websites, we often talk about development. But security is just as crucial. After numerous requests, we’ve decided to revive our previous security newsletter, taking it one step further. We’re excited to announce the launch of Patchstack WordPress Security Weekly. In Patchstack’s WordPress Security Weekly, you will learn: And more! Crash […]
Published on February 19, 2024
The vulnerability in the Bricks Builder Theme was originally reported by snicco to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about the Bricks Builder Theme vulnerability. If you’re a Bricks Builder Theme user, please update the […]
Published on February 7, 2024
Are you worried that a password breach may have compromised your credentials? No matter whether you answered ‘yes’ or ‘no’ to that question, you should still implement multi-factor authentication on your WordPress sites. In this post, you’ll learn exactly what WordPress multi-factor authentication is, and why implementing it is a no-brainer. At the end of […]