Published on September 12, 2024
This blog post is about ListingPro theme vulnerabilities. If you’re a ListingPro user, please update the theme and plugin to version 2.9.5 or higher. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the ListingPro Theme and Plugin The theme ListingPro (premium version), which has over […]
Published on September 10, 2024
Our mission to provide the fastest mitigation to security vulnerabilities is core to our long-term vision of becoming a global cyber-security leader with the biggest impact on open-source security. Today, we are excited to finally reveal the next chapter of our journey. We truly believe that the only way to reach a dream so ambitious […]
Published on September 9, 2024
There are thousands of “WordPress security plugins” listed on the official WordPress plugin repository, which claim to offer some security-related functionality and serve some purpose related to securing WordPress. This is not surprising. In our state of WordPress security report, we highlighted that nearly 42% of WordPress sites have at least one vulnerable software component. […]
Published on September 5, 2024
This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update the plugin to at least version 6.5.0.1. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. Patchstack is the official security partner for LiteSpeed Cache. Patchstack is […]
Published on August 21, 2024
The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member John Blackbourn to the Patchstack Zero Day bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This vulnerability has been awarded the highest bounty in the history of WordPress […]
Published on July 13, 2024
This blog post is about the WP Time Capsule plugin vulnerability. If you’re a WP Time Capsule plugin user, please update to at least version 1.22.21. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the Backup and Staging by WP Time Capsule Plugin Backup and Staging […]
Published on July 3, 2024
On the 25th of June 2024, Sansec released a security advisory article regarding the Polyfill supply chain attack. Intro Polyfill.js is a popular JavaScript library that provides modern functionality on older browsers that do not natively support it. The implementation of Polyfill.js is mostly attached to an HTML tag as a script. This allows the […]
Published on July 1, 2024
On the 24th of June 2024, WordPress.org released a security update and recommended users update their sites as soon as possible. This WordPress core 6.5.5 security release addresses 3 different security vulnerabilities that affect multiple WordPress core versions. For many, WordPress automatically updates the core to the latest version. Check if your WordPress version is […]
Published on June 6, 2024
This blog post is about WooCommerce Amazon Affiliates (WZone) plugin vulnerabilities. If you’re a WooCommerce Amazon Affiliates (WZone) user, please deactivate and delete the plugin since there is still no known patched version. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the WZone Plugin The […]
Published on May 28, 2024
Slider Revolution came to us with a request to audit their product for potential vulnerabilities since they wanted to make sure that their users’ websites were not vulnerable to an attack. This blog post discusses our audit findings, which we have been authorized to publicize. If you’re a Slider Revolution user, please update the plugin […]