How eCommerce Websites Can Comply with PCI-DSS 4.0
With frequent breaches, credit card fraud, and assorted ways attackers can compromise sensitive payment information (and the companies like eCommerce websites processing them), it’s no wonder the...
Critical Privilege Escalation in LiteSpeed Cache Plugin Affecting 5+ Million...
LiteSpeed Cache Unauthenticated Privilege Escalation The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member John Blackbourn to the Patchstack...
Critical Account Takeover Vulnerability Patched in LiteSpeed Cache Plugin
LiteSpeed Cache Unauthenticated Account Takeover This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update the plugin to at least version 6.5.0.1. Sign up...
Interview with John Blackbourn
Today we present an interview with John Blackbourn. John is a web developer of 20 years, a leader of projects and teams, and a public speaker. He recently moved into the role of Director of WordPress...
The Best WordPress Security Plugins (+ Do You Really Need One?)
There are thousands of “WordPress security plugins” listed on the official WordPress plugin repository, which claim to offer some security-related functionality and serve some purpose related to...
Introducing the Patchstack VDP platform
Our mission to provide the fastest mitigation to security vulnerabilities is core to our long-term vision of becoming a global cyber-security leader with the biggest impact on open-source security....
SQL Injection Vulnerabilities Found in ListingPro Theme and Plugin
ListingPro Theme Unauthenticated SQL Injection ListingPro Plugin Subscriber+ SQL Injection ListingPro Plugin Unauthenticated SQL Injection This blog post is about ListingPro theme vulnerabilities. If...
The Best WordPress SEO Plugins (Ranked by Quality & Security)
“If you’re running a business, there’s no such thing as page 2 of Google.” Harsh words? No, not really. Since only 0.63% of users actually click through to page 2 of Google, you’re either on page 1…...
Stay Secure: How Patchstack’s vPatches protect your WordPress site against...
Introduction In today’s digital landscape, WordPress powers over 40% of websites worldwide, making it a prime target for cybercriminals. With its vast ecosystem of plugins, themes, and customizations,...
Privilege Escalation Vulnerability Patched in Houzez Theme
Houzez Theme Authenticated Privilege Escalation 46K CVSS 8.8 Houzez Login Register Plugin Authenticated Privilege Escalation 46K CVSS 8.8 This blog post discusses the findings on the Houzez...
Unpatched SQL Injection Vulnerability in TI WooCommerce Wishlist Plugin
TI WooCommerce Wishlist Unauthenticated SQL Injection 100k CVSS 9.3 This blog post is about an unauthenticated SQL injection vulnerability on the TI WooCommerce Wishlist plugin. If you’re a TI...
Unauthenticated Stored XSS Vulnerability in LiteSpeed Cache Plugin Affecting...
LiteSpeed Cache Unauthenticated Stored XSS 6M+ CVSS 7.1 This blog post is about the LiteSpeed Cache plugin vulnerability which was originally reported by TaiYou to the Patchstack bug bounty program for...
The Best WordPress Activity Log Plugins
Are you managing a large WordPress website with the help of a team? Do you constantly find yourself asking, “Who made this change?” Did someone break your WordPress website, and are you looking to...
Comprehensive WordPress Malware Removal Guide
Performing a WordPress malware removal in a way that you can be sure that it’s clean is not an easy task. That’s why a WordPress malware removal can cost over 150 dollars – and that’s not considering...
Critical Vulnerabilities in Ultimate Membership Pro Plugin
Ultimate Membership Pro Unauthenticated Privilege Escalation 40k CVSS 9.4 Ultimate Membership Pro Unauthenticated PHP Object Injection 40k CVSS 9.0 This blog post is about Ultimate Membership Pro...
Security implications of WordPress repository access restrictions and plugin...
Over the past couple of weeks, we’ve noticed an increasing number of plugins not receiving updates through WordPress.org. Some have been banned and others cannot log in to their WordPress.org accounts...
Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin
LiteSpeed Cache Unauthenticated Privilege Escalation 6+ million CVSS 8.1 The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member TaiYou to the...
WordPress Salts: What Are They, How They Work, and How to Use Them
If you have been developing WordPress websites, your eyes might have wandered to the ‘WordPress salts’ section of the wp-config.php file. Have you ever wondered what these salts are and why we need...