Published on April 11, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 15 of 2022 and will talk about WordPress security history. This week is a special episode. There were not many critical vulnerabilities to cover this week. So I will skip the vulnerability news and share with you a lesson about WordPress security […]
Published on March 21, 2022
Welcome back to the Patchstack Weekly Security Update! This update is for week 12 of 2022 and this week we’ll talk about WordPress vulnerabilities and WordPress file uploads. This week in WordPress-related vulnerabilities, I will talk about 3 plugins that have each been patched due to high-risk security bugs found in their code. I will […]
Published on March 15, 2022
Patchstack Red Team is now Patchstack Alliance. Exactly 1 year ago, Patchstack kicked off a bug hunting community that gathered together ethical hackers who contribute to making the WordPress ecosystem more secure. After an exciting year of working together with researchers all around the world, we learned that this initiative could have an even bigger […]
Published on February 28, 2022
Welcome back to the Patchstack Weekly security update! This update is for week 9 of 2022 and focuses on insecure libraries. This week has been a heavy news week for the world, and open-source, specifically WordPress, security concerns were no exception. There are 5 plugins that have released patches for serious vulnerabilities this week, as […]
Published on February 17, 2022
We’re beyond excited to announce that Plesk has selected Patchstack as its security partner to allow WP Toolkit users to detect security vulnerabilities in their WordPress websites. Patchstack will be integrated with WP Toolkit to provide both vulnerability detection and protection. Plesk is the leading WebOps hosting platform to run, automate and grow applications, websites, […]
Published on February 8, 2022
The plugin Responsive Menu – Create Mobile-Friendly Menu (versions 4.1.7 and below), which has over 100.000 active installations, suffers from a critical vulnerability. This vulnerability allows any authenticated user, regardless of their authorization, to execute nearly all of the actions that only administrators are supposed to be able to execute. Do you want to be […]
Published on January 24, 2022
An Update: A few weeks ago we disclosed the first batch of insecure WordPress themes with an un-patched authenticated vulnerability within them. This post is a follow-up, where we disclose more issues in those same themes. You can read our first post here. In the time between the full timeline of events that go […]
Published on December 22, 2021
With the latest version of the Patchstack plugin, we have re-introduced WordPress login page protection – a feature to block access to the standard login page. About security through obscurity: Recently we removed the ability to “hide” the wp-login.php and /wp-admin/ (which redirects to the login page) pages due to the fact that the real […]
Published on December 21, 2021
In this article, we will introduce our Alliance (formerly Red Team) member Lenon Leite. Lenon has been an Alliance member since March 2021. Patchstack Alliance is a community of independent security researchers who contribute to building a safer web. The Alliance members identify and report security vulnerabilities in WordPress plugins and themes to help software vendors address security issues […]
Published on November 2, 2021
We’ve always wanted security to be accessible for as many people as possible. Earlier this year we opened a free-to-use WordPress vulnerability database that the WordPress community could use to keep up with the latest vulnerabilities. While our WordPress vulnerability database has become immensely popular, we’ve heard that many would love to set up alerts […]