Published on October 3, 2022
Welcome to the Patchstack Weekly Security Update, Episode 42! This update is for week 40 of 2022. In this week’s knowledge share I will continue to share with you some tips and tricks with OWASP ZAP. I will go over ZAP’s HUD – or heads-up display – so you can get an idea of what […]
Published on September 26, 2022
Welcome to the Patchstack Weekly Security Update, Episode 41! This update is for week 39 of 2022. This week I will be introducing you to OWASP ZAP – an open-source web application security tool written by developers, for developers. It’s a great tool for those who want to get their hands dirty testing their web […]
Published on September 19, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 38 of 2022. Week 37 had no weekly because I was attending and speaking at WordCamp US 2022 hosted in San Diego, California, USA. This week I will share highlights from WordCamp US, as well as point out one vulnerability of concern […]
Published on September 16, 2022
It’s September, which means it’s time to look back at what our security researchers got up to in the last month of summer – and what a hot time it was!
A very busy August
The Patchstack Alliance reported 105 new validated vulnerabilities last month. This doesn’t mean that WordPress plugin developers have gotten lazy […]
Published on September 5, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 36 of 2022. This week, I will be giving an unofficial WordPress Security Release announcement discussing the changes I found in the recent 6.0.2 release. I will also dig into the risks, or lack thereof, posed by these security bugs that were patched in […]
Published on September 2, 2022
We’re excited to announce a partnership between Patchstack and Hostinger! With the help of Patchstack, Hostinger is now providing all its customers with up-to-date information about security vulnerabilities in their WordPress websites. If you’re a Hostinger customer, you can check the security status of all your installed WordPress plugins, themes, and core versions directly from […]
Published on August 29, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 35 of 2022. This week’s vulnerability roundup will feature three plugins that did not receive patches for serious bugs found in their code recently and one plugin that patched an arbitrary options table update bug. But first, in this week’s knowledge share, […]
Published on August 22, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 34 of 2022. This week, I will share with you two plugins that patched security bugs you should know about in the weekly vulnerability roundup. But first, the weekly knowledge share, which will be all about severity scores associated with security bugs […]
Published on August 15, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 33 of 2022. In this week’s knowledge share, I will be discussing the practice of handling security bugs. I will then discuss only one insecure plugin in this week’s vulnerability news. Unfortunately, the plugin did not receive a security patch for […]
Published on August 12, 2022
Recently, I learned something new: a new twist on a security bug in PHP that I am already familiar with, PHP Object Injection. What was new was that this security bug can be found when code uses “new” to create an object or class in PHP and is passed the class name from user input. Today, […]