Published on December 7, 2022
The great open-source bazaar. This is the idea of bringing as many vendors (open-source developers) as possible under one roof (or repository) to share their wares with whoever may be interested. This all sounds well and good, but this bazaar has one big secret. Look closely at some of the offerings and you may expose concerns about […]
Published on December 5, 2022
We are beyond excited to celebrate the winter holidays and the launch of the Patchstack Alliance Discord community with a special WordPress bug-hunting event taking place throughout December 2022. In December, we released a public leaderboard and profiles for the top security researchers who contribute to making WordPress and the open-source web more secure. You […]
Published on December 5, 2022
Welcome to the Patchstack Weekly Security Update, Episode 50! This update is for week 49 of 2022. This week’s knowledge share is about the lingering problems that can happen after a compromise. This is related to the recent news of LastPass reporting a secondary incident months after an initial break-in. I will discuss this negative […]
Published on November 29, 2022
Welcome to Patchstack’s “Last Patch”. This is a short series of blog posts where we will be discussing and patching unpatched security bugs in open-source projects, with an initial focus on plugins found in the WordPress.org plugin repository. This post will review the webmaster-tools-verification plugin. This plugin was first created in 2009 and is extremely simple […]
Published on November 21, 2022
Welcome to the Patchstack Weekly Security Update, Episode 49! This update is for week 47 of 2022. This week’s knowledge share will be all about how to find bugs in code – security bugs, that is. I will share techniques I use for basic static code analysis and provide examples of what to look out […]
Published on November 15, 2022
Welcome to Patchstack’s “Last Patch”. This is a short series of blog posts where we will be discussing and patching unpatched security bugs in open-source projects, with an initial focus on plugins found in the WordPress.org plugin repository. Today I will be discussing how to address an unauthenticated remote code execution vulnerability in the member-hero plugin. […]
Published on November 14, 2022
Welcome to the Patchstack Weekly Security Update, Episode 48! This update is for week 46 of 2022. This week’s knowledge share is about the security concern caused when software has been abandoned or has reached its end of life (EOL). I will discuss what the risks of running unsupported software are, and what you can do […]
Published on November 8, 2022
Welcome to Patchstack’s “Last Patch”. This is a short series of blog posts where we will be discussing and patching unpatched security bugs in open-source projects, with an initial focus on plugins found in the WordPress.org plugin repository. The troubling truth is that some open-source projects do not receive patches when security bugs are […]
Published on November 7, 2022
Welcome to the Patchstack Weekly Security Update, Episode 47! This update is for week 45 of 2022. This week’s knowledge share is about the PHP world’s smallest security bug. I say smallest because it is one character long. You may wonder, how could one character cause so much chaos? Stick around for this week’s knowledge […]
Published on October 31, 2022
Welcome to the Patchstack Weekly Security Update, Episode 46! This update is for week 44 of 2022. This week I was surprised to find I have not yet talked about the most prevalent security bug found in web applications in these weekly episodes. It has been talked about ad nauseam by security professionals, warning the […]