Welcome back to the Patchstack Weekly Security Update! This update is for week 24 of 2022. This week I will cover two high risk unauthenticated vulnerabilities, one could allow attackers to reset an any user’s password (including admin users) and the other could arbitrarily delete files from websites running insecure versions of the plugin. Thankfully […]
Welcome back to the Patchstack Weekly security update! This update is for week 23 of 2022. It is the beginning of June, and WordCamp Europe is underway as I write this. WordCamps are the in-person community events for the WordPress community, and WordCamp Europe 2022 is the largest to be run in the last 2 […]
Welcome back to the Patchstack Weekly security update! This update is for week 22 of 2022. This week there is only one high-risk security bug patched to report on in the vulnerability news. During this week’s knowledge share I will talk about the incident response plan and the importance of having it ready for worst-case […]
Welcome back to the Patchstack Weekly security update! This update is for week 21 of 2022. In this week’s knowledge share, I will talk more about communicating security. But, not too much, because this week I will talk about over-communicating security, also known as alert fatigue. Of course, I will start with a few notable […]
Welcome back to the Patchstack Weekly security update! This update is for week 20 of 2022. This week I will talk about the importance of communication and how to communicate security when it comes to security issues. Starting from developers needing to communicate security bugs being patched and ending with how Patchstack partners are experiencing […]
Welcome back to the Patchstack Weekly security update! This update is for week 19 of 2022 and is about secure AJAX endpoints and WordPress vulnerabilities. This week in vulnerability news, I will share two WordPress plugins with security bugs that have no patch available. One could lead to tricking logged-in users to run arbitrary code […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 18 of 2022. This week I will talk about an obscure vulnerability, something that is commonly overlooked and missed by developers, bug bounty hunters, and security researchers alike. PHP Object Injection, also known as Insecure Unserialize. I will get started with this […]
Welcome back to the Patchstack Weekly security update! This update is for week 17 of 2022. This week I have a handful of vulnerabilities to share with you. Including 3 unauthenticated SQL injection security bugs that were patched, and 3 security bugs that could lead to files being uploaded to websites running these affected plugins. […]
Welcome back to the Patchstack Weekly security update! This update is for week 16 of 2022 and is about the power of transparency in open source, and how anyone can utilize this transparency to learn secure code review. This week I will talk about the power of transparency in open source as it pertains to […]
Welcome back to the Patchstack Weekly Security Update! This update is for week 15 of 2022 and will talk about WordPress security history. This week is a special episode. There were not many critical vulnerabilities to cover this week. So I will skip the vulnerability news and share with you, a lesson about WordPress security […]