Published on March 1, 2023
There is a vulnerability in the OceanWP theme: Subscriber+ Path Traversal Leading to Local File Inclusion in versions <= 3.4.1. If you’re an OceanWP user, please update the theme to at least version 3.4.2. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. About the […]
Read more →
Published on February 27, 2023
There is a security vulnerability in Houzez Theme that is exploited in the wild. The vulnerability in Houzez Theme is an Unauthenticated Privilege Escalation vulnerability. The Houzez theme is a premium theme sold on ThemeForest and has over 35,000 sales. It’s described as a theme specifically designed for the real estate industry. It offers easy-to-use […]
Read more →
Published on February 21, 2023
If you’re a Shortcodes Ultimate user, please update the plugin to at least version 5.12.7. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction The plugin Shortcodes Ultimate (versions 5.12.6 and below), which has over 700,000 active installations is known as a plugin that […]
Read more →
Published on February 14, 2023
There’s a vulnerability in Rank Math SEO Plugin. If you’re a Rank Math SEO user, please update the plugin to at least version 1.0.107.3. Patchstack users are protected from this vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction The plugin Rank Math SEO (versions 1.0.107.2 and below), which has […]
Read more →
Published on February 2, 2023
If you’re a WP Statistics plugin user, please update the plugin to at least version 13.2.11. Patchstack paid plan users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction The plugin WP Statistics (versions 13.2.10 and below), which has over 600,000 active installations, is a privacy-focused […]
Read more →
Published on February 1, 2023
Introduction This article will introduce concepts about how computers schedule tasks with cron and how WordPress’s cron implementation “WP-Cron” works more like a queue instead of a scheduler. I will share some of the implications queueing instead of scheduling may have, as well as how to remediate the risk for site owners and what WordPress […]
Read more →
Published on January 24, 2023
If you’re a LearnPress user, please update the plugin to at least version 4.2.0. Patchstack paid plan users are protected from the vulnerability. For plugin developers, we have security audit services and Threat Intelligence Feed API for hosting companies. Introduction to the LearnPress plugin vulnerability The plugin LearnPress (versions 4.1.7.3.2 and below), which has over 100,000 active installations is […]
Read more →
Published on January 17, 2023
Introduction to MainWP vulnerabilities At Patchstack we accept vulnerability reports from individual researchers but also do our own research, often by randomly selecting a plugin. This time, during a quick inspection of a MainWP extension, we found a vulnerability. This led us to perform the same inspection on the other MainWP […]
Read more →
Published on October 17, 2022
Summary A new WordPress security release was announced today. On October 17th, 2022, WordPress Core released version 6.0.3, a security-only release. This release includes a substantial number of security bug patches, so I will be reviewing them and sharing the details with you in this post. All security releases are important. You may want […]
Read more →
Published on August 12, 2022
Recently, I learned something new: a new twist on a security bug in PHP that I am already familiar with, PHP Object Injection. What was new is that this security bug can also occur when code uses “new” to instantiate a class in PHP and takes the class name from user input. Today, […]
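The pattern the excerpt describes, shown as an added example (not code from the Patchstack post or from any real plugin): a function that passes a request-supplied class name to `new`, beside a hardened version that maps the untrusted value onto a fixed allowlist and checks the resulting object's type. The handler classes, the `format`/`args` request keys and the sample input are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the original post.
// Hypothetical handler classes standing in for a plugin's own classes.
interface ExportHandler { public function run(): string; }

final class CsvExport implements ExportHandler {
    public function run(): string { return 'csv'; }
}
final class JsonExport implements ExportHandler {
    public function run(): string { return 'json'; }
}

// Vulnerable pattern: the class name comes straight from the request.
// "new $class" will instantiate any loaded class (core, extension or
// plugin), and the attacker also controls the constructor arguments.
function make_handler_vulnerable(array $request): object
{
    $class = (string) ($request['format'] ?? 'CsvExport');
    $args  = (array) ($request['args'] ?? []);
    return new $class(...$args);
}

// Hardened pattern: untrusted input selects a key in a fixed allowlist,
// constructor arguments are never attacker-controlled, and the result is
// still checked against the interface the caller expects.
const HANDLER_ALLOWLIST = [
    'csv'  => CsvExport::class,
    'json' => JsonExport::class,
];

function make_handler_safe(array $request): ExportHandler
{
    $key = (string) ($request['format'] ?? 'csv');
    if (!array_key_exists($key, HANDLER_ALLOWLIST)) {
        throw new InvalidArgumentException('Unknown export format: ' . $key);
    }
    $class = HANDLER_ALLOWLIST[$key];
    $obj = new $class();
    if (!$obj instanceof ExportHandler) {
        throw new UnexpectedValueException('Handler does not implement ExportHandler');
    }
    return $obj;
}

// Demonstration with constructed input: the vulnerable version happily
// instantiates an unrelated built-in class with attacker-chosen arguments,
// while the hardened version rejects the same request.
$attacker = ['format' => 'ArrayObject', 'args' => [['injected' => true]]];
echo get_class(make_handler_vulnerable($attacker)), PHP_EOL;   // ArrayObject

try {
    make_handler_safe($attacker);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
echo make_handler_safe(['format' => 'json'])->run(), PHP_EOL;  // json
```

The allowlist is the important part: a `class_exists()` check or a string filter on the name is not enough, because the dangerous classes are ones that really do exist. Keeping the map from request value to class name in code, and never forwarding request data into the constructor, removes both the class choice and the argument control from the attacker.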
Read more →