Published on July 18, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 29 of 2022. This week’s weekly knowledge share is a response to the all too common headlines about “Millions of WordPress websites are under attack” we see every so often. I will share why attempted attacks are just the background radiation of […]
Published on July 15, 2022
Welcome one and all to the monthly Patchstack Alliance round-up! Each month we give out rewards and recognition to our community of researchers for their contributions to finding WordPress vulnerabilities. Below you’ll find the leaderboard and winners of June’s bug hunt. What is Patchstack Alliance? Patchstack Alliance is a community of ethical hackers and researchers […]
Published on July 15, 2022
Abandonware is a silent security risk. With no developer or project lead to address bugs, especially security bugs, you are running code that has no support. If, or when, a security bug is found in an unsupported or abandoned project, then the users who rely on that project will be left with no recourse. They […]
Published on July 11, 2022
This week I will talk about the importance of removing unused code and components from your websites. Simply disabling a theme or plugin is not enough – reviewing and deleting these things has to become a habit. I will also cover a few vulnerability highlights, including 10 abandoned components that have known unpatched vulnerabilities in […]
Published on July 10, 2022
⚠️ Attention! New updates marked with green color and warning sign will come into force from 2025 May 1st. (00:00 UTC). 1. Introduction 1.1. Patchstack operates an open bug bounty program with a specific focus on the WordPress ecosystem, as detailed on our website: https://patchstack.com/bug-bounty/. 1.2. We adhere to the UTC format for all program-related […]
Published on July 8, 2022
Patchstack::helpers is a series of interviews with people who have helped open-source projects and open-source related communities. For this inaugural episode, we did not look far. We will be interviewing the CEO of Patchstack, Oliver Sild. Oliver also co-founded the first co-working space in Pärnu, Estonia, and is a believer in the power of community. […]
Published on July 4, 2022
In this article, we will explain what CSV injection is and how CSV files can be exploited. We will also shed some light on how to secure against CSV injection vulnerabilities and protect your site even further. We will also highlight a plugin affected by a CSV Injection vulnerability that at the time of writing […]
Published on June 27, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 26 of 2022. Introduction This week’s Patchstack Weekly is a little different, and a little longer – I will be sharing with you highlights of a conversation I had with Rotem Bar. Rotem works at Cider Security as Head of Marketplace Integrations […]
Published on June 20, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 25 of 2022. This week’s knowledge share will include some tips for WordPress site owners on what to look out for when choosing secure plugins. I will also share vulnerability news, with one critical issue to discuss which may have already been […]
Published on June 17, 2022
TL;DR A critical security bug in Ninja Forms (1+ million installations) was patched by the plugin’s developers this week. The security bug posed a high risk, as it could result in unauthenticated object injection. Successful attacks could create arbitrary Classes within WordPress (and execute a function or method defined within). The WordPress.org plugins team took […]