Category: Security Advisories

Critical Vulnerability in Elementor Affecting 5+ Million Websites

Published on December 8, 2023

The vulnerability in Elementor was originally reported by Hồng Quân (luk6785 at VNPT-VCI) to our alliance program. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about an Elementor plugin vulnerability. If you’re an Elementor user, please update the plugin to at least version 3.18.2. […]

WordPress 6.4.2 Security Release

Published on December 6, 2023

WordPress 6.4.2 was released on December 6th, 2023, and includes an important security fix. This security fix addresses a potential security issue that can only be exploited if another vulnerability (PHP object injection) is already present on your WordPress site. This was originally introduced in version 6.4.0 of WordPress and was also available in […]

Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware

Published on December 3, 2023

For the past couple of days, the Patchstack team has been monitoring a mass-scale phishing campaign with multiple variants of phishing emails going around that are notifying users about a supposed security vulnerability in their WordPress website. They claim it’s a “Remote Code Execution (RCE)” vulnerability and you are asked to immediately use a “Patch […]

Thrive Theme Vulnerability: Dismiss Tooltip to Privilege Escalation

Published on November 29, 2023

This blog post is about a premium Thrive Theme vulnerability. If you’re a premium Thrive Theme user, please update the plugin to at least version 3.24.0. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the Thrive Theme: The theme Thrive (premium version), which is estimated to have over 110,000 active […]

Authenticated Stored XSS in WooCommerce and Jetpack Plugin

Published on November 15, 2023

This blog post is about a vulnerability in the WooCommerce and Jetpack plugins. If you’re a WooCommerce and Jetpack user, please update the plugins to at least versions 8.2.0 and 12.8-a.3 respectively. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the WooCommerce and Jetpack plugin: The plugin WooCommerce (versions <= 8.1.1, free […]

Arbitrary Attachment Render to XSS in Elementor Plugin

Published on November 8, 2023

This blog post is about an Elementor plugin vulnerability. If you’re an Elementor user, please update the plugin to at least version 3.16.5. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the Elementor Plugin: The plugin Elementor (versions <= 3.16.4, free version), which has over 5 million active installations, is […]

WordPress Core 6.3.2 Security Update – Technical Advisory

Published on October 13, 2023

On the 12th of October 2023, WordPress.org released a security update and recommended users update their sites as soon as possible. This WordPress core 6.3.2 security release addresses 7 different security vulnerabilities and 1 potential security issue that affects multiple WordPress core versions. For many, WordPress automatically updates the core to the latest version. Check […]

Pre-Auth Arbitrary File Upload in User Submitted Posts Plugin

Published on October 12, 2023

This blog post is about the User Submitted Posts plugin vulnerability. If you’re a User Submitted Posts user, please update the plugin to at least version 20230914. Patchstack users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the User Submitted Posts Plugin: The plugin User […]

Two Paths to Privilege Escalation Vulnerability In The Simple Membership Plugin

Published on September 27, 2023

This blog post is about the vulnerability in the Simple Membership plugin. If you’re a Simple Membership user, please update the plugin to at least version 4.3.5. Patchstack users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the Simple Membership Plugin: The plugin Simple Membership […]

Authenticated Privilege Escalation Vulnerability in Essential Addons for Elementor

Published on September 15, 2023

This blog post is about the vulnerability in Essential Addons for Elementor. If you’re an Essential Addons for Elementor user, please update the plugin to at least version 5.8.9. Patchstack users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the Essential Addons for the Elementor […]
