Published on March 7, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 10 of 2022; it is the beginning of March. This week I will cover a few high-risk vulnerabilities found in WordPress components, give an update on the insecure old Freemius library situation and discuss last month’s additions to the Patchstack database. […]
Published on February 28, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 9 of 2022 and focuses on insecure libraries. This week has been a heavy news week for the world, and open-source, specifically WordPress, security concerns were no exception. There are 5 plugins that have released patches for serious vulnerabilities this week, as […]
Published on February 21, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 8 of 2022 and will dive into several vulnerabilities and talk about vulnerability risks. This week’s vulnerability news will have a lot to cover. One WordPress plugin had a vulnerability so severe the WP.org team initiated an auto-update for all installations. Another […]
Published on February 17, 2022
We’re beyond excited to announce that Plesk has selected Patchstack as its security partner to allow WP Toolkit users to detect security vulnerabilities in their WordPress websites. Patchstack will be integrated with WP Toolkit to provide both vulnerability detection and protection. Plesk is the leading WebOps hosting platform to run, automate and grow applications, websites, […]
Published on February 14, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 6 of 2022. Last week, two high severity vulnerabilities were patched by the developers of WP Spell Check and Revolut Gateway for WooCommerce. Both of these plugins patched unauthenticated SQL injection vulnerabilities, so that will be the topic of this week’s knowledge […]
Published on February 8, 2022
The plugin Responsive Menu – Create Mobile-Friendly Menu (versions 4.1.7 and below), which has over 100,000 active installations, suffers from a critical vulnerability. This vulnerability allows any authenticated user, regardless of their authorization, to execute nearly all of the actions that only administrators are supposed to be able to execute. Do you want to be […]
Published on February 3, 2022
Welcome back to the Patchstack Weekly security update! It is the beginning of February and this update is for the fifth week of 2022. This week I will share some of the core principles of open-source software development and how security researchers participate in them, as well as explaining why open source projects should always have […]
Published on February 1, 2022
This blog post introduces the many players in open-source security and what happens when we find a vulnerability in a WordPress plugin. There are people in many different roles that play a part in open-source security beyond the developers and the end-users of their open-source projects. Patchstack engages with people of varying roles, who have different […]
Published on January 27, 2022
A critical vulnerability was fixed in the WordPress plugin Essential Addons for Elementor. Do you want to be the first to be alerted about such vulnerabilities? Sign up for Patchstack. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Update February 1st, 2022: we would like to make clear that we did not originally […]
Published on January 24, 2022
An Update: A few weeks ago we disclosed the first batch of insecure WordPress themes with an un-patched authenticated vulnerability within them. This post is a follow-up, where we disclose more issues in those same themes. You can read our first post here. In the time between the full timeline of events that go […]