Updates since April 4, 2024 This blog post is about an unpatched Remote Code Execution (RCE) vulnerability discovered in Oxygen and Breakdance builder. At the time of publication of this security advisory article, there is still no patch available on the latest version of the affected components. We hope that the developer will be implementing […]
This blog post is about the REHub theme and plugin vulnerabilities. If you’re a REHub user, please update the plugin to at least version 19.6.2 on both the theme and the plugin. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the REHub Theme and Plugin […]
This blog post is about the Automatic plugin vulnerabilities. If you’re an Automatic user, please update the plugin to at least version 3.92.1. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the Automatic Plugin The plugin Automatic (premium version), which is estimated to have over […]
The vulnerability in the GOTMLS plugin was originally reported by stealthcopter to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about the GOTMLS plugin vulnerability. If you’re a GOTMLS user, please update the plugin to at least […]
This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update the plugin to at least version 5.7.0.1. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Enterprise API for hosting companies. About the LiteSpeed Cache Plugin The plugin LiteSpeed Cache (free version), which has over 4 […]
The vulnerability in the Bricks Builder Theme was originally reported by snicco to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about the Bricks Builder Theme vulnerability. If you’re a Bricks Builder Theme user, please update the […]
WordPress 6.4.3 was released on January 30th, 2024, which includes two low-severity security fixes. This security fix addresses two potential security issues. The first one is an Administrator+ arbitrary PHP file upload on the plugin and theme upload functionality. The second issue is a potential security issue that can only be exploited if another vulnerability […]
This blog post is about an AI Engine plugin vulnerability. If you’re an AI Engine user, please update the plugin to at least version 1.9.99. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the AI Engine Plugin The plugin AI Engine (free version), which has over 50,000 active installations, is […]
This blog post is about the Porto Theme’s plugin vulnerability. If you’re a Porto Theme user, please update the plugin to at least version 2.12.1. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the Porto Theme’s Plugin The plugin Porto Theme – Functionality (premium version) is a required plugin for […]
This blog post is about Themify Ultra theme vulnerability. If you’re a Themify Ultra user, please update the theme to at least version 7.3.6. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the Themify Ultra Theme The theme Themify Ultra (premium version), which is estimated to have over 70,000 active […]