Published on November 28, 2024
This blog post is about an arbitrary .htaccess file overwrite vulnerability in the Rank Math SEO plugin. If you’re a Rank Math SEO plugin user, please update the plugin to the latest version, or at least to version 1.0.232. If you are a Patchstack customer, you are protected from this vulnerability already, and no […]
Published on November 21, 2024
This blog post is about an unauthenticated arbitrary file read vulnerability on the Jobify theme. If you’re a Jobify user, please delete or deactivate the theme until the patch is released by the vendor. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. […]
Published on November 14, 2024
This blog post is about the Really Simple Security plugin vulnerability. If you’re a Really Simple Security user, please update the free, pro, and pro multisite plugin to at least version 9.1.2. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin […]
Published on November 13, 2024
Patchstack is always looking for new ways to make the WordPress ecosystem safer by organizing various events for ethical hackers and security researchers. Our experiments sometimes lead to unexpected results. Also, these events sometimes uncover issues that were overlooked before. Our latest experiment took place in October. We announced a special event for our Bug […]
Published on October 29, 2024
The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member TaiYou to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update […]
Published on October 18, 2024
Over the past couple of weeks, we’ve noticed an increasing number of plugins not receiving updates through WordPress.org. Some have been banned and others cannot log in to their WordPress.org accounts due to the new login requirement under the checkbox “I am not affiliated with WP Engine in any way, financially or otherwise.” It seems […]
Published on October 17, 2024
This blog post is about Ultimate Membership Pro plugin vulnerabilities. If you’re an Ultimate Membership Pro user, please update the theme and plugin to version 12.8 or higher. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security audit […]
Published on October 2, 2024
This blog post is about the LiteSpeed Cache plugin vulnerability, which was originally reported by TaiYou to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. If you’re a LiteSpeed Cache user, please update the plugin to at least version 6.5.1. If […]
Published on September 25, 2024
Critical SQL Injection Alert: The TI WooCommerce Wishlist plugin, with over 100,000 active installs, is vulnerable to an unauthenticated SQL injection (CVE-2024-43917).
Published on September 23, 2024
This blog post discusses the findings on the Houzez theme and the plugins that come installed with it. If you’re a Houzez user, please update the theme to version 3.3.0 or higher and the Houzez Login Register plugin to 3.3.0 or higher.