Published on March 30, 2023
This security advisory is written about a critical Elementor Pro vulnerability originally disclosed by NinTechNet. Patchstack users have received a vPatch to protect their site against this vulnerability. Vulnerability information: On March 22, 2023, Elementor Pro released version 3.11.7 of its plugin which fixes a critical Elementor Pro vulnerability that in combination with the WooCommerce […]
Published on March 28, 2023
Welcome to the Patchstack Weekly Security Update, Episode 64! This update is for week 13 of 2023. This week’s news is about understanding security bug severity, and how not all security bugs are equal. Some can wait for a patch, but others may need immediate attention. You can save yourself a lot of headaches when […]
Published on March 24, 2023
This blog post is about the User Registration plugin vulnerability. If you’re a User Registration user, please update the plugin to at least version 2.3.3. Paid Patchstack users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. User Registration WordPress plugin: The plugin User Registration (versions 2.3.2.1 […]
Published on March 23, 2023
This security advisory is written about the critical vulnerability in WooCommerce Payments, which is a privilege escalation vulnerability. Patchstack users have received a vPatch to protect their site against this vulnerability. Update March 24th, 2023: WooCommerce has released a statement providing some information about this vulnerability. The critical vulnerability in WooCommerce Payments was discovered and […]
Published on March 22, 2023
Welcome to the Patchstack Weekly Security Update, Episode 63! This update is for week 12 of 2023 and talks about how to spot abandoned plugins in your WordPress site. This week’s news is about how to spot a silent threat that may be hiding in your WordPress plugins administration page! Stay tuned and learn how […]
Published on March 17, 2023
The thought of your WordPress site being hacked is terrifying. A single attack can cause system downtime, data loss, and reputational damage – it’s a nightmare scenario. But it doesn’t have to be. At Patchstack, we’ve seen firsthand the devastating impact of WordPress vulnerabilities. That’s why we created this guide: to equip you with the […]
Published on March 14, 2023
Welcome to the Patchstack Weekly Security Update, Episode 62! This update is for week 11 of 2023. In this week’s knowledge share, I will be sharing a review of Patchstack’s annual ‘State of WordPress Security’ report. This report was just released and is jam-packed with useful insights from the front lines of WordPress security. I […]
Published on March 6, 2023
Welcome back to Patchstack’s “Last Patch”. This is a special episode. Normally these blog posts are lessons in defensive coding tactics using a plugin that has already been disabled due to abandonment. However, in this post I will share with you the happy story about a plugin author who was able to apply the recommended […]
Published on March 1, 2023
There is a vulnerability in the OceanWP theme – Subscriber+ Path Traversal Leading to Local File Inclusion in <= 3.4.1. If you’re an OceanWP user, please update the theme to at least version 3.4.2. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the […]
Published on February 28, 2023
Welcome to the Patchstack Weekly Security Update, Episode 61. This update is for week 9 of 2023. In last week’s knowledge share, I talked about static sites and mentioned headless CMS being different and a topic for another week. Well, that week has come, and this week’s knowledge share is an introduction to headless […]