Welcome back to the Patchstack Weekly Security Update! This update is for week 36 of 2022. This week, I will be giving an unofficial WordPress Security Release announcement discussing the changes I found in the recent 6.0.2 release. And dig into the risks or lack thereof posed by these security bugs that were patched in […]
We’re excited to announce a partnership between Patchstack and Hostinger! With the help of Patchstack, Hostinger is now providing all its customers with up-to-date information about security vulnerabilities in their WordPress websites. If you’re a Hostinger customer, you can check the security status of all your installed WordPress plugins, themes, and core versions directly from […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 35 of 2022. This week’s vulnerability roundup will feature three plugins that did not receive patches for serious bugs found in their code recently and one plugin that patched an arbitrary options table update bug. But first, in this week’s knowledge share, […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 34 of 2022. This week, I will share with you two plugins that patched security bugs you should know about in the weekly vulnerability roundup. But first, the weekly knowledge share. Which will be all about severity scores associated with security bugs […]
Each month we give out rewards and recognition to our community of security researchers and ethical hackers for their contributions to finding WordPress vulnerabilities. Below you’ll find the leaderboard and winners of July’s bug hunt. July 2022 summary Our researchers caught some seriously big fish in July – one reported vulnerability was found in a […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 33 of 2022. In this week’s knowledge share where I will be discussing the practice of handling security bugs. I will then discuss only one insecure plugin in this week’s vulnerability news. Unfortunately, the plugin did not receive a security patch for […]
Recently, I learned something new. A new twist on a security bug in PHP that I am already familiar with: PHP Object Injection. What was new, was this security bug can be found when code uses “new” to create an object or class in PHP, and gets passed the Class name from user input. Today, […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 32 of 2022. It is August, and the Patchstack Alliance is growing. New security researchers have joined the alliance in the last month, and we are receiving some great reports of serious security bugs in open source components affecting millions of websites […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 31 of 2022. In this week’s knowledge share, I will talk about nulled plugins and themes – how they are a hidden security risk, how they harm trust in open source, and what you can do to make things right. I will […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 30 of 2022. This week I will finally get to talk about SSRF! SSRF stands for Server Side Request Forgery. This is a category of application vulnerability that is sometimes overlooked but could allow attackers to bypass security measures and turn a […]