Published on January 10, 2025
The vulnerability in the GiveWP plugin was originally reported by Patchstack Alliance community member Edisc from Zalopay Security to the Patchstack Zero Day bug bounty program for WordPress. The Patchstack Zero Day program has awarded the researcher a bounty of $2,600 USD. If you wish to participate in the program, you can join the community here. […]
Published on January 8, 2025
This blog post is about Fancy Product Designer plugin vulnerabilities. If you’re a Fancy Product Designer user, please delete or deactivate the plugin until the patch is released by the vendor. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, […]
Published on December 27, 2024
These days, spinning up a new WordPress website is quick and easy, but securing it is not so straightforward. In this post, we will cover some of the most critical things that you need to consider when setting up security for your WordPress website. This guide is divided into three sections: Each section corresponds to […]
Published on December 24, 2024
As a WordPress site owner, dealing with the aftermath of a redirect hack can be a daunting and frustrating experience. Malicious actors are constantly finding new ways to exploit vulnerabilities and hijack your website, redirecting your visitors to spammy or malicious destinations without your knowledge or consent. In this comprehensive guide, we’ll walk you through […]
Published on December 23, 2024
If you manage a WordPress website, you may have heard of SQL injection (also known as SQLi), a type of cyberattack. If so, you’ll probably know how ludicrously simple such attacks are – and how devastating. Whether you’re familiar with this type of attack or you need to learn more, in this article, we’ll cover exactly […]
Published on December 23, 2024
This blog post is about the WPLMS and VibeBP vulnerabilities. If you’re a WPLMS and VibeBP user, please update the plugin to at least version 1.9.9.5.3 and 1.9.9.7.7 respectively. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security […]
Published on December 22, 2024
When you visit any website on the internet, the server delivering the web page instructs your browser on how to process this information by passing metadata called headers. In this post, we’ll explore the importance of the X-Frame-Options header in WordPress and how to configure it. Additionally, we will consider a modern replacement for X-Frame-Options, […]
Published on December 22, 2024
Cross-site scripting (XSS) is an exploitation technique that allows hackers to run arbitrary code on a compromised website. Needless to say, it is a serious risk for any web application, and our experts at Patchstack regularly receive notifications about new XSS vulnerabilities being discovered. In this post, we will discuss what cross-site scripting is […]
Published on December 21, 2024
If you stay up to date with cyber security news, you might have heard of Google’s Threat Analysis Group discovering a financially motivated phishing campaign targeting YouTubers. Researchers found that attackers lured creators with fake collaboration opportunities (such as anti-virus software demos or VPN offers). Once the target agreed, they sent malware disguised as software […]
Published on December 20, 2024
We are excited to announce that the entire Patchstack App is now accessible completely as an API and as of today – all Patchstack Developer accounts can use the API without any extra charge. With more than 100 endpoints to interact with, the possibilities are truly endless. This is an important step for us which […]