Channel: Patchstack
Browsing all 68 articles

Critical SQL Injection Found in Porto Theme's Plugin

This blog post is about the Porto Theme's plugin vulnerability. If you're a Porto Theme user, please update the plugin to at least version 2.12.1. You can sign up for the Patchstack Community plan to...

The New Chapter In WordPress Bug Bounty Hunting

Patchstack has been pioneering the WordPress bug bounty hunting scene for many years now. 6 years ago, we came up with an idea on how to make open-source bug bounty hunting cover even the smallest...

How To Change The Default WordPress Login URL?

Did you know that attackers can use several techniques to gain full access to your WordPress site if you use the default login URL? In this article, we will learn how to change the default WordPress...

AI Engine Plugin Affected by Critical Vulnerability

AI Engine Unauthenticated Arbitrary File Upload. This blog post is about an AI Engine plugin vulnerability. If you're an AI Engine user, please update the plugin to at least version 1.9.99. You can...

Patchstack Community Plan Gets an Upgrade

Since we launched the Patchstack Developer plan and the changes to the Patchstack Community plan in 2023, we have talked a lot to our customers and users. Something that has been coming up ever since...

Is WooCommerce Safe? Exploring Vulnerabilities and Security Measures

Many businesses rely on WooCommerce for their e-commerce store, but have you considered whether WooCommerce is safe to use? E-commerce sales hit $6.3 trillion in 2023, and 20% of all retail sales were...

WordPress 6.4.3 Security Release

WordPress 6.4.3, released on January 30th, 2024, includes two low-severity security fixes. This security release addresses two potential security issues. The first one is an Administrator+...

Guide to Forcing User Logout in WordPress: When and How

Did you leave your WordPress account logged in on a shared computer? Are you worried that someone is using your account without your permission? Worry no more! Forcing user logout in WordPress is a...

How to Stop WordPress Spam Comments: A Comprehensive Guide

WordPress is a versatile and widely used content management system, and as a result, has become a prime target for spam comments. In this blog post, we'll dive into how to stop WordPress spam...

How To Add Multi-Factor Authentication To WordPress?

Are you worried that a password breach may have compromised your credentials? No matter whether you answered ‘yes’ or ‘no’ to that question, you should still implement multi-factor authentication to...

Critical RCE Patched in Bricks Builder Theme

Bricks Builder Unauthenticated Remote Code Execution (RCE). The vulnerability in the Bricks Builder Theme was originally reported by snicco to the Patchstack bug bounty program for WordPress. We are...

Announcing the Patchstack WordPress Security Weekly Newsletter

When we talk about WordPress websites, we often talk about development. But security is just as crucial. After numerous requests, we've decided to revive our previous security newsletter, taking it...

Understanding XML-RPC in WordPress (What It Is, Security Risks, How to...

What is XML-RPC, and why should you be concerned with disabling it in WordPress? There’s a price to be paid for popularity. While WordPress's phenomenal rise in popularity has resulted in 810 million...

XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites

LiteSpeed Cache Unauthenticated Site Wide Stored XSS. This blog post is about the LiteSpeed plugin vulnerability. If you're a LiteSpeed user, please update the plugin to at least version 5.7.0.1. All...

Critical Vulnerability Found in GOTMLS Plugin

GOTMLS Unauthenticated Predictable Nonce Brute-Force Leading to RCE. The vulnerability in the GOTMLS plugin was originally reported by stealthcopter to the Patchstack bug bounty program for WordPress....

Critical Vulnerabilities Patched in WordPress Automatic Plugin

Automatic Unauthenticated Arbitrary SQL Execution; Automatic Unauthenticated Arbitrary File Download and SSRF. This blog post is about the Automatic plugin vulnerabilities. If you're an Automatic user,...

Critical Vulnerabilities Patched in REHub Theme and Plugin

REHub Theme Unauthenticated Local File Inclusion; REHub Theme Subscriber+ SQL Injection; REHub Framework Plugin Subscriber+ SQL Injection. This blog post is about the REHub theme and plugin...

Unpatched Authenticated RCE in Oxygen and Breakdance Builder

Oxygen Authenticated Remote Code Execution; Breakdance Authenticated Remote Code Execution. Updates since April 4, 2024: April 6th, 2024 - Patchstack received an email from Oxygen containing a new...

How to Use CAPTCHAs on WordPress to Protect Your Site from Bots and Spammers

According to a report by Imperva Threat Research, bots accounted for 47% of all web traffic in 2022, with 27.7% of them being identified as malicious. That means that one in four visitors to your site...

WordPress File Permissions – The Complete Guide

If you're a WordPress user, then you may already know that WordPress needs certain file permissions to function properly, such as reading, writing, and executing files. If you misconfigure these...
