Published on August 21, 2024
The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member John Blackbourn to the Patchstack Zero Day bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This vulnerability has been awarded the highest bounty in the history of WordPress […]
Published on July 13, 2024
This blog post is about the WP Time Capsule plugin vulnerability. If you’re a WP Time Capsule plugin user, please update to at least version 1.22.21. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the Backup and Staging by WP Time Capsule Plugin Backup and Staging […]
Published on July 3, 2024
On the 25th of June 2024, Sansec released a security advisory article regarding the Polyfill supply chain attack. Intro Polyfill.js is a popular JavaScript library that provides modern functionality on older browsers that do not natively support it. The implementation of Polyfill.js is mostly attached to an HTML tag as a script. This allows the […]
Published on July 1, 2024
On the 24th of June 2024, WordPress.org released a security update and recommended users update their sites as soon as possible. This WordPress core 6.5.5 security release addresses 3 different security vulnerabilities that affect multiple WordPress core versions. For many, WordPress automatically updates the core to the latest version. Check if your WordPress version is […]
Published on June 6, 2024
This blog post is about WooCommerce Amazon Affiliates (WZone) plugin vulnerabilities. If you’re a WooCommerce Amazon Affiliates (WZone) user, please deactivate and delete the plugin since there is still no known patched version. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the WZone Plugin The […]
Published on May 28, 2024
Slider Revolution came to us with a request to audit their product for potential vulnerabilities since they wanted to make sure that their users’ websites were not vulnerable to an attack. This blog post discusses our audit findings, which we have been authorized to publicize. If you’re a Slider Revolution user, please update the plugin […]
Published on May 22, 2024
This blog post is about the UserPro plugin vulnerabilities. If you’re a UserPro user, please update the plugin to at least version 5.1.9. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the UserPro Plugin The plugin UserPro (premium version), which has over 20,000 sales, is […]
Published on May 17, 2024
This blog post covers research into an additional vulnerability scenario arising from the root cause that led to the publicly known WordPress Core Blind SSRF. More affected components were found that may affect hundreds of plugins in the wild. WordPress core itself is not affected by this, but the plugins that are using the […]
Published on May 14, 2024
This blog post is about the XStore theme and plugin vulnerabilities. If you’re an XStore user, please update the theme to at least version 9.3.9 and the plugin to at least version 5.3.9. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the XStore Theme and […]
Published on May 7, 2024
This blog post is about the Uncode Core plugin vulnerabilities. If you’re an Uncode user, please update the core plugin to at least version 2.8.9. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the Uncode Core Plugin The plugin Uncode Core (premium version) is a […]