Published on February 27, 2023
There is a security vulnerability in Houzez Theme that is exploited in the wild. The vulnerability in Houzez Theme is an Unauthenticated Privilege Escalation vulnerability. The Houzez theme is a premium theme sold on ThemeForest and has over 35,000 sales. It’s described as a theme specifically designed for the real estate industry. It offers easy-to-use […]
Published on February 21, 2023
If you’re a Shortcodes Ultimate user, please update the plugin to at least version 5.12.7. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction The plugin Shortcodes Ultimate (versions 5.12.6 and below), which has over 700,000 active installations, is known as a plugin that […]
Published on February 20, 2023
Welcome to the Patchstack Weekly Security Update, Episode 60! This update is for week 8 of 2023. This week’s news is about static sites and security. Did you know with the right plugin WordPress can be used to generate HTML? If you have a non-interactive website, you could benefit from using static sites to practically […]
Published on February 14, 2023
There’s a vulnerability in Rank Math SEO Plugin. If you’re a Rank Math SEO user, please update the plugin to at least version 1.0.107.3. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction The plugin Rank Math SEO (versions 1.0.107.2 and below), which has […]
Published on February 13, 2023
Welcome to the Patchstack Weekly Security Update, Episode 59! This update is for week 7 of 2023. This week’s knowledge share will be about virtual patching. I will explain how it works, why vPatching through Patchstack is different, and how it can save you from a lot of stress and anxiety when it comes to […]
Published on February 6, 2023
Welcome to the Patchstack Weekly Security Update, Episode 58! This update is for week 6 of 2023. It is the start of February. This week, I learned a fun fact about something security-related that Automattic is leading the way on. In this week’s knowledge share, I will explain a proposed security standard that Automattic has […]
Published on February 2, 2023
If you’re a WP Statistics plugin user, please update the plugin to at least version 13.2.11. Patchstack paid plan users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction The plugin WP Statistics (versions 13.2.10 and below), which has over 600.000 active installations, is a Privacy-focused […]
Published on February 1, 2023
Introduction This article will introduce concepts about how computers schedule tasks with cron and how WordPress’s cron implementation, “WP-Cron”, works more like a queue than a scheduler. I will share some of the implications queueing instead of scheduling may have, as well as how to remediate the risk for site owners and what WordPress […]
Published on January 25, 2023
These are interesting times for open-source security. Over the past year or so we’ve seen a significant increase in collaboration when it comes to making the WordPress ecosystem safer. This is a strong signal that the community is moving towards a more mature approach to security – and this will benefit everybody. So in that […]
Published on January 24, 2023
If you’re a LearnPress user, please update the plugin to at least version 4.2.0. Patchstack paid plan users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction to the LearnPress plugin vulnerability The plugin LearnPress (versions 4.1.7.3.2 and below), which has over 100,000 active installations, is […]