Published on January 21, 2022
Patchstack Weekly is a weekly security update made by Patchstack Security Advocate Robert Rowley. Every week Robert highlights the mentionable WordPress vulnerabilities, helps us learn something new about security, and gives thanks and appreciation to those who helped make the web a safer place. Want to learn more about Robert? Read this: Meet Robert – […]
Published on January 20, 2022
Welcome back to the Patchstack Weekly security update. It is the third week of 2022 and this episode is called WordPress vulnerabilities & Cross-Site Request Forgery. Within this session, I will inform you of 6 popular open-source WordPress components that have patched various vulnerabilities in their code, from information disclosure to cross-site scripting and cross-site […]
Published on January 13, 2022
Welcome back to the Patchstack Weekly security update! This is Episode 6, released in the 2nd week of 2022. This episode focuses on two main topics – disclosure of unpatched vulnerabilities and supporting open source. In this week’s session, we will cover a WordPress plugin that patched a critical authenticated remote code execution bug. As […]
Published on January 11, 2022
The decision to publicly report a vulnerability that has no patch does not come easily; however, in certain circumstances it is the only option available to protect users from running insecure code. You may have guessed where I am going with this if you have been reading or listening to the Patchstack Security Weekly updates […]
Published on January 11, 2022
This blog post explains how to write custom firewall rules using the Patchstack app. Patchstack App users get automatic protection against new plugin vulnerabilities via the default WAF (web application firewall) rules, which are enough for most site owners. But did you know the Patchstack app supports custom WAF rules as well? Knowing how to write […]
Published on January 7, 2022
On the 6th of January 2022, WordPress.org released a security update and recommended that users “update your sites immediately”. This WordPress core 5.8.3 security update addresses 4 different security vulnerabilities which affect WordPress core versions between 3.7 and 5.8. For many, WordPress automatically updates the core to the latest version. Check if your WordPress version […]
Published on January 6, 2022
Welcome to the Patchstack Weekly security update! This is the first Patchstack update for 2022, Happy New Year and let’s get into the security news and talk about factors of authentication. This week I will give a quick roundup detailing the number of vulnerabilities added to the Patchstack database last month and I will give […]
Published on January 1, 2022
In this article, we won’t dive into technical details, but try to address a common misconception instead. We will explain what website security is in general, how to secure WordPress and answer the question – is WordPress secure? As per calculations, approximately 380 new websites are created every minute. However, the actual number of new websites being created every […]
Published on December 30, 2021
Welcome back to the Patchstack Weekly security update! This update is for week 52 of 2021. This week marks the final week of 2021, and with the year coming to a close it is a great time to reflect on the past, present, and future. So that is the format of this week’s update. Starting […]
Published on December 23, 2021
Welcome back to the Patchstack Weekly security update! This update is for week 51 of 2021. See the 49th Patchstack Weekly and the 50th Patchstack Weekly here. This week’s news may sound like deja-vu, as I will cover more of the same topics as I did last week. Log4j is still a leading security concern, […]