Published on April 29, 2022
This article sheds some light on how WordPress hosting companies can increase their recurring revenue by sending out WordPress security alerts. The majority of security vulnerabilities in the WordPress ecosystem originate from plugins and themes. In fact, based on the WordPress security 2021 whitepaper where every known security vulnerability was counted, over 99% originated from […]
Published on April 25, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 17 of 2022. This week I have a handful of vulnerabilities to share with you, including 3 unauthenticated SQL injection security bugs that were patched and 3 security bugs that could lead to files being uploaded to websites running these affected plugins. […]
Published on April 18, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 16 of 2022 and is about the power of transparency in open source, and how anyone can utilize this transparency to learn secure code review. This week I will talk about the power of transparency in open source as it pertains to […]
Published on April 13, 2022
A critical vulnerability was fixed in the WordPress plugin Elementor. Do you want to be the first to be alerted about such vulnerabilities? Sign up for Patchstack. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Note: we are still gathering more information on this vulnerability, such as the requirements to exploit this vulnerability […]
Published on April 11, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 15 of 2022 and will talk about WordPress security history. This week is a special episode. There were not many critical vulnerabilities to cover this week, so I will skip the vulnerability news and share with you a lesson about WordPress security […]
Published on April 4, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 14 of 2022 and I will talk about the first 5 steps to a secure WordPress. This week has a lot of vulnerability news to cover, and I will be sharing it as a 3-2-1 punch of 3 plugins that received no […]
Published on March 28, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 13 of 2022. This week, I will talk about two high-risk vulnerabilities in two WordPress plugins with one big difference: One was patched, one was not. In this week’s knowledge share I will share some new WP-CLI Security commands that were just […]
Published on March 21, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 12 of 2022 and this week we’ll talk about WordPress vulnerabilities and WordPress file uploads. This week in WordPress-related vulnerabilities, I will talk about 3 plugins that have each been patched due to high-risk security bugs found in their code. I will […]
Published on March 15, 2022
Patchstack Red Team is now Patchstack Alliance. Exactly 1 year ago, Patchstack kicked off a bug hunting community that gathered together ethical hackers who contribute to making the WordPress ecosystem more secure. After an exciting year of working together with researchers all around the world, we learned that this initiative could have an even bigger […]
Published on March 14, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 11 of 2022. This week is all about plugin vulnerabilities and the State of WordPress Security 2021 whitepaper. There is some big news this week, but really I should say last week. Patchstack released our State of WordPress Security Whitepaper for 2021 […]