This blog post is about the Realy Simple Security plugin vulnerability. If you’re a Realy Simple Security user, please update the free, pro, and pro multisite plugin to at least version 9.1.2. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin […]
Patchstack is always looking for new ways to make the WordPress ecosystem safer by organizing various events for ethical hackers and security researchers. Our experiments sometimes lead to unexpected results. Also, these events sometimes uncover issues that were overlooked before. Our latest experiment took place in October. We announced a special event for our Bug […]
If you have been developing WordPress websites, your eyes might have wandered to the ‘WordPress salts’ section of the wp.config.php file. Have you ever wondered what these salts are and why we need them? If you answered ‘Yes’, then you are in the right place. In this post, you will learn everything you need to […]
The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member TaiYou to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update […]
Over the past couple of weeks, we’ve noticed an increasing number of plugins not receiving updates through WordPress.org. Some have been banned and others cannot log in to their WordPress.org accounts due to the new login requirement under the checkbox “I am not affiliated with WP Engine in any way, financially or otherwise.“. It seems […]
This blog post is about Ultimate Membership Pro plugin vulnerabilities. If you’re an Ultimate Membership Pro user, please update the theme and plugin to version 12.8 or higher. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security audit […]
Are you managing a large WordPress website with the help of a team? Do you constantly find yourself asking, “Who made this change?” Did someone break your WordPress website, and are you looking to get to the root of this issue? If you answered ‘yes’ to any of these questions, you’re in the right place […]
This blog post is about the LiteSpeed Cache plugin vulnerability which is originally reported by TaiYou to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. If you’re a LiteSpeed Cache user, please update the plugin to at least version 6.5.1. If […]
Critical SQL Injection Alert: The TI WooCommerce Wishlist plugin, with over 100,000 active installs, is vulnerable to an unauthenticated SQL injection (CVE-2024-43917).
This blog post discusses about the findings on the Houzez theme and plugins that comes installed with it. If you’re a Houzez user, please update the theme to version 3.3.0 or higher and Houzez Login Register plugin to 3.3.0 or higher.