Hardening WordPress – A Checklist To Get Started
These days, spinning up a new WordPress website is quick and easy, but securing it is not so straightforward. In this post, we will cover some of the most critical things that you need to consider...
Critical Vulnerabilities Found in Fancy Product Designer Plugin
Fancy Product Designer Unauthenticated Arbitrary File Upload (20k, CVSS 9.0); Fancy Product Designer Unauthenticated SQL Injection (20k, CVSS 9.3). This blog post is about the Fancy Product Designer plugin...
Critical Vulnerability Patched in GiveWP Plugin
GiveWP Unauthenticated PHP Object Injection (100k, CVSS 9.8). The vulnerability in the GiveWP plugin was originally reported by Patchstack Alliance community member Edisc from Zalopay Security to the...
How & Why You Should Remove Unused WordPress Plugins
As a seasoned WordPress developer, you might have spent countless hours perfecting your WordPress site by carefully selecting themes and plugins to create an outstanding experience. But did you stop...
Interview with Kévin Mosbahi AKA Mika
Today we present an interview with Kévin Mosbahi (most of you probably know him by his nickname – Mika). He lives in France and has been passionate about computers since he was a teenager. Over time he...
Unauthenticated Privilege Escalation Vulnerability in RH – Real Estate Theme
RealHomes Theme Unauthenticated Privilege Escalation (32K, CVSS 9.8); Easy Real Estate Plugin Unauthenticated Privilege Escalation (32K, CVSS 9.8). This blog post discusses the findings on the RealHome...
Privilege Escalation Vulnerability Patched in Better Find and Replace Plugin
Better Find and Replace Privilege Escalation Vulnerability (50k, CVSS 8.8). This blog post is about the Better Find and Replace plugin vulnerability. If you’re a Better Find and Replace user, please...
Rare Case of Privilege Escalation in ASE Plugin Affecting 100k+ Sites
Admin and Site Enhancements (ASE) Privilege Escalation (100k, CVSS 7.5); Admin and Site Enhancements (ASE) Pro Privilege Escalation (100k, CVSS 7.5). This blog post is about the Admin and Site Enhancements...
Interview with Dhabaleshwar Das
Today we present an interview with Dhabaleshwar Das. He’s a security professional with 3 years of experience across various domains, including web, network, API, and mobile VAPT, container, and cloud...
Critical Privilege Escalation Patched in KLEO Theme’s Plugin
K Elements Privilege Escalation (23k, CVSS 9.8). This blog post is about the K Elements plugin vulnerability. If you’re a KLEO theme user who is using the K Elements plugin, please update the plugin to at...
Reflected XSS Patched in Essential Addons for Elementor Affecting 2+ Million...
Essential Addons for Elementor Reflected Cross Site Scripting (2M, CVSS 7.1). This blog post is about the Essential Addons for Elementor plugin vulnerability. If you’re an Essential Addons for Elementor...
The Best WooCommerce Security Plugins
Is your WooCommerce store truly secure? If you cannot confidently say “Yes!” then it is vital to be aware that just one single security breach could easily cripple your business overnight. This can...
Unauthenticated Arbitrary File Upload Vulnerability in Chaty Pro Plugin
Chaty Pro Unauthenticated Arbitrary File Upload (18K, CVSS 10.0). This blog post discusses the findings on the Chaty Pro plugin. This vulnerability is fixed in version 3.3.4 and the vulnerable...
Meet João Pedro Soares de Alcântara AKA Kinorth
Today we present an interview with João Pedro Soares de Alcântara (most of you probably know him by his nickname – Kinorth). He lives in Brazil and has been passionate about computers since his...
Critical LFI to RCE Vulnerability in WP Ghost Plugin Affecting 200k+ Sites
WP Ghost Local File Inclusion to RCE (200k, CVSS 9.6). This blog post is about the WP Ghost plugin vulnerability. If you’re a WP Ghost user, please update the plugin to at least version 5.4.02. If you are...
New Year, New Threats: Q1 2025’s Most Exploited WordPress Vulnerabilities
WordPress remains the backbone of millions of websites, offering flexibility and scalability through its extensive library of plugins and themes. However, this same openness also makes it...
How to Detect and Prevent Unauthorized Access in WordPress
This article was originally authored by Robert Abela of Melapress, a Patchstack partner specializing in WordPress security and user management solutions. Unauthorized WordPress access is more common...
Cloudfest Hackathon 2025: SBOMinator to Secure the OSS Supply Chain
No one can do it alone and that’s nowhere quite as obvious as it is in open-source software. With different dependencies and whole ecosystems needing to work in perfect sync in order to stay secure,...