Published on September 13, 2021
The MailerLite Sign Up Forms plugin (version 1.4.4 and below) has multiple SQL injection and CSRF vulnerabilities. “The MailerLite Sign Up Form WordPress plugin makes it easy to grow your newsletter subscriber list from your WordPress blog or website. The plugin automatically integrates your WordPress form with your MailerLite email marketing account.” The MailerLite Sign […]
Published on August 30, 2021
In this article, we will explain how to report WordPress security vulnerabilities both to the Patchstack open database and manually to the vendors or the WordPress security team. In 2020 nearly 600 unique security vulnerabilities were found in WordPress plugins, themes, and the WordPress core combined. The majority of such vulnerabilities were found and reported by independent security […]
Published on August 4, 2021
This summer has been something else. The world has changed over the past years. The internet has changed. The WordPress ecosystem has needed a hero, someone who could keep everybody safe in these uncertain times. Our hero has been hiding for a long time, moving in the darkness to neutralize evil. Our hero is a […]
Published on July 22, 2021
In this article, we will introduce our Alliance (formerly Red team) members from the Sun* team. The Sun* team has been an Alliance member since March. Sun* (Sun Asterisk) is a Digital Creative Studio with the mission of connecting international businesses with top talents in Asia. They have always made every effort to bring the […]
Published on July 15, 2021
This security advisory covers the WooCommerce SQL injection vulnerability. Patchstack users are safe from the vulnerability. Update July 16th, 2021: we have seen a few attacks starting to happen around the evening time on July 15th, 2021. These attacks seem to be very limited so far, but seem to be using UNION and […]
Published on July 1, 2021
Over the past 2 months, Patchstack Alliance has helped to identify and fix over 400 security vulnerabilities found in WordPress plugins and themes. We have monthly cash prizes for security researchers who report vulnerabilities to the Patchstack Database (in July, it’s $1500 USD). But… we want to show our deep appreciation for the Patchstack Alliance […]
Published on June 30, 2021
This guide will help you answer the question: has my WordPress site been hacked? WordPress sites get hacked all the time, so you need to make sure that you can recognise the signs of a hack as soon as possible. To try and aid with this, we’re looking at some of the […]
Published on June 29, 2021
Nulled WordPress themes and nulled plugins are among the biggest threats to WordPress security nowadays. One of the key features that have led to the success of WordPress is the wide range of available themes and plugins. There are tens of thousands of free WordPress plugins and themes to choose from. And an […]
Published on June 29, 2021
In this guide, we’ll explain how pharma spam works. We will offer some tips for checking if you have any pharma spam on your website. Finally, we’ll share a few tips for securing your website against this kind of attack. What is pharma spam or pharma hack? Pharma spam or pharma hack is a type […]
Published on June 29, 2021
What is Google Dorking? Google Dorking or Google Hacking is a search technique that uses advanced operators to craft specific search queries. These search queries could provide SERPs (Search Engine Results Pages) with a list of vulnerable sites. The exploitation of the Google Search Engine makes it possible to look up sensitive data and vulnerable […]