Blog Posts

Patchstack Weekly #27: How to Update wp_options Securely.

Published on June 13, 2022

Welcome back to the Patchstack Weekly Security Update! This update is for week 24 of 2022. This week I will cover two high-risk unauthenticated vulnerabilities: one could allow attackers to reset any user’s password (including admin users), and the other could arbitrarily delete files from websites running insecure versions of the plugin. Thankfully […]

WordPress Vulnerability News, May 2023

Published on June 13, 2022

WordPress vulnerability news is a weekly digest of highlighted WordPress plugin security vulnerabilities or vulnerability disclosures that have been published (there are other, less critical vulnerabilities on smaller plugins that unfortunately don’t make it to the list). Keeping up to date with security vulnerabilities in WordPress and other CMSs is an important part of security. […]

Patchstack Weekly, Week 23: What Makes A Good WordPress Community?

Published on June 7, 2022

Welcome back to the Patchstack Weekly security update! This update is for week 23 of 2022. It is the beginning of June, and WordCamp Europe is underway as I write this. WordCamps are the in-person community events for the WordPress community, and WordCamp Europe 2022 is the largest to be run in the last 2 […]

Patchstack Weekly, Week 22: How To Create An Incident Response Plan?

Published on May 30, 2022

Welcome back to the Patchstack Weekly security update! This update is for week 22 of 2022. This week there is only one high-risk security bug patched to report on in the vulnerability news. During this week’s knowledge share I will talk about the incident response plan and the importance of having it ready for worst-case […]

What’s New In WordPress 6.0?

Published on May 25, 2022

This week was the official release of WordPress 6.0. The release was named after Grammy award-winning Latin jazz and Afro-Cuban jazz musician Arturo O’Farrill, who has a website running none other than WordPress! What a great reminder of how WordPress powers many independent websites. UI updates in WordPress 6.0 Users who upgrade to WordPress 6.0 […]

Patchstack Weekly, Week 20: How To Communicate Security?

Published on May 16, 2022

Welcome back to the Patchstack Weekly security update! This update is for week 20 of 2022. This week I will talk about the importance of communication and how to communicate security when it comes to security issues. Starting from developers needing to communicate security bugs being patched and ending with how Patchstack partners are experiencing […]

Winners Of WordPress Bug Hunt 2021

Published on May 11, 2022

In March 2021, we started a bug-hunting program where together with partners, we reward developers and ethical hackers who help us make the WordPress ecosystem more secure. Since then, we have received more than 1000 security reports and paid out $17,450 USD as cash rewards. This is all possible thanks to our dear partners who […]

Patchstack Weekly, Week 18: PHP Object Injection aka Insecure Deserialize

Published on May 2, 2022

Welcome back to the Patchstack Weekly Security Update! This update is for week 18 of 2022. This week I will talk about an obscure vulnerability, something that is commonly overlooked and missed by developers, bug bounty hunters, and security researchers alike. PHP Object Injection, also known as Insecure Unserialize. I will get started with this […]
