Published on August 8, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 32 of 2022. It is August, and the Patchstack Alliance is growing. New security researchers have joined the alliance in the last month, and we are receiving some great reports of serious security bugs in open source components affecting millions of websites […]
Published on August 1, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 31 of 2022. In this week’s knowledge share, I will talk about nulled plugins and themes – how they are a hidden security risk, how they harm trust in open source, and what you can do to make things right. I will […]
Published on July 25, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 30 of 2022. This week I will finally get to talk about SSRF! SSRF stands for Server Side Request Forgery. This is a category of application vulnerability that is sometimes overlooked but could allow attackers to bypass security measures and turn a […]
Published on July 18, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 29 of 2022. This week’s weekly knowledge share is a response to the all too common headlines about “Millions of WordPress websites are under attack” we see every so often. I will share why attempted attacks are just the background radiation of […]
Published on July 11, 2022
This week I will talk about the importance of removing unused code and components from your websites. Simply disabling a theme or plugin is not enough – reviewing and deleting these things has to become a habit. I will also cover a few vulnerability highlights, including 10 abandoned components that have known unpatched vulnerabilities in […]
Published on July 8, 2022
Patchstack::helpers is a series of interviews with people who have helped open-source projects and open-source related communities. For this inaugural episode, we did not look far. We will be interviewing the CEO of Patchstack, Oliver Sild. Oliver also co-founded the first co-working space in Pärnu, Estonia, and is a believer in the power of community. […]
Published on July 4, 2022
In this article, we will explain what CSV injection is and how CSV files can be exploited. We will also shed some light on how to secure against CSV injection vulnerabilities and protect your site even further. We will also highlight a plugin affected by a CSV injection vulnerability that at the time of writing […]
Published on June 20, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 25 of 2022. This week’s knowledge share will include some tips for WordPress site owners on what to look out for when choosing secure plugins. I will also share vulnerability news, with one critical issue to discuss which may have already been […]
Published on June 17, 2022
TL;DR: A critical security bug in Ninja Forms (1+ million installations) was patched by the plugin’s developers this week. The security bug posed a high risk, as it could result in unauthenticated object injection. Successful attacks could instantiate arbitrary classes within WordPress (and execute a function or method defined within). The WordPress.org plugins team took […]
Published on June 13, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 24 of 2022. This week I will cover two high-risk unauthenticated vulnerabilities: one could allow attackers to reset any user’s password (including admin users), and the other could arbitrarily delete files from websites running insecure versions of the plugin. Thankfully […]