Published on November 9, 2023
Remaining committed to protecting the security and privacy of your visitors (and users) is as important as it always has been in our eyes. Studies back in 2003 (yes, that’s around 20 years ago) found that there was an attack every 39 seconds on average. And some statistics now suggest up to 30,000 websites are […]
Published on September 28, 2023
WordPress is (by far) the most popular content management system – and of course, as big advocates ourselves, it’s easy to see why. That said, powering more than 40% of all websites on the internet also means WordPress sites are targeted every day. But, although they are the target of attempted attacks every single day […]
Published on August 25, 2023
For the last two years, the results of the Patchstack open-source bounty program have been growing fast. In January alone, we’ve received 418 valid vulnerability reports. We crossed the mark of 1K valid vulnerability reports this year at the beginning of April and then added over 1000 vulnerabilities in July alone, so you can imagine […]
Published on May 8, 2023
Websites made with WordPress usually rely heavily on third-party software components like plugins and themes. Every single day, hackers and security enthusiasts find new vulnerabilities across different WordPress plugins and themes. In 2022 alone we added 4,528 new known security bugs to our WordPress vulnerability database. Keeping the number of plugins on […]
Published on March 6, 2023
Welcome back to Patchstack’s “Last Patch”. This is a special episode: normally these blog posts are lessons in defensive coding tactics using a plugin that has already been disabled due to abandonment. However, in this post I will share with you the happy story of a plugin author who was able to apply the recommended […]
Published on February 1, 2023
Introduction This article will introduce concepts about how computers schedule tasks with cron and how WordPress’s cron implementation “WP-Cron” works more like a queue instead of a scheduler. I will share some of the implications queueing instead of scheduling may have, as well as how to remediate the risk for site owners and what WordPress […]
Published on December 22, 2022
Accepting your mistakes. The human experience is full of mistakes, failures, and folly. I would say this is “the truth”, but this statement itself may be wrong, and I accept that... but I’m saying this first to make my next point. Mistakes make the world go round. We can observe a fault and learn […]
Published on December 13, 2022
The purpose of this article is to provide information to developers and researchers regarding how vulnerabilities can exist in their plugins or themes and how these vulnerabilities can be patched in order to increase the safety of the web in general. Note that we will only provide basic information about these vulnerabilities. There is […]
Published on December 12, 2022
When people come together and contribute to a like-minded goal, great things can happen. Community is inherent in any successful open source project. The good news is, connecting with others is something humans are good at doing. The bad news is, not all open source projects benefit from this. Connection and community are powerful tools for […]
Published on December 7, 2022
The great open-source bazaar. This is the idea to bring as many vendors (open source developers) under one roof (or repository) to share their wares with whoever may be interested. This sounds well and good, but this bazaar has one big secret. Look closely at some of the offerings and you may expose concerns about […]