The 12 Best WordPress Form Plugins (Ranked by Quality & Security)
Forms are essential for any website that needs to collect information from visitors, whether it’s for lead generation, feedback, surveys, quizzes, or payments. But with so many WordPress form plugins...
The Best WordPress Backup Plugins and Services in 2024 (Ranked by Security)
Disclaimer: Please note that we always recommend using backup services offered by your hosting provider. Plugin-based solutions should only be used for redundancy, or when there is no other option....
High Priority Vulnerabilities Patched in Uncode Core Plugin
Uncode Core Authenticated Arbitrary File and Directory Deletion Uncode Core Authenticated Privilege Escalation This blog post is about the Uncode Core plugin vulnerabilities. If you're an Uncode user,...
The Capabilities of Large Language Models in Executing/Preventing Cyber Attacks
AI has emerged as a transformative force in almost every field, and cybersecurity is no exception. It has found use as a weapon - but also as a shield. At Patchstack we're working on using AI for the...
Critical Vulnerabilities Found in XStore Theme and Plugin
XStore Theme Unauthenticated Local File Inclusion XStore Theme Unauthenticated SQL Injection XStore Theme Authenticated Arbitrary Option Update XStore Core Plugin Unauthenticated SQL Injection XStore...
Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF
This is a blog post about research of an additional vulnerability scenario of the root cause that led to the publicly known WordPress Core Blind SSRF. More affected components were found that may...
Interview with Mat Rollings AKA stealthcopter
Today we present an interview with one of our most active community members - Mat Rollings. He's an experienced developer turned application security 'expert.' He loves reviewing code and breaking...
Critical Vulnerability Patched in UserPro Plugin
UserPro Unauthenticated Account Takeover This blog post is about the UserPro plugin vulnerabilities. If you're a UserPro user, please update the plugin to at least version 5.1.9. All paid Patchstack...
Unauthenticated XSS Vulnerability Patched in Slider Revolution Plugin
Slider Revolution Unauthenticated Broken Access Control Slider Revolution Authenticated Stored XSS Slider Revolution came to us with a request to audit their product for potential vulnerabilities...
ellegaard ID Case Study: From Cleaning Up Hacked Sites to Security by Default
Patchstack user since: September 2023 Getting hacked isn’t pleasant in any scenario, but it’s never as critical as when you manage WordPress websites for clients. When Morten Ellegard, the owner of...
EfficientWP Case Study: Spending Less Time on WordPress Update Management...
Patchstack user since: July 2022 Threats blocked: 6,952 in the last 30 days across 44 websites WordPress updates are no longer just something you set and forget. With the increase in vulnerabilities,...
Property Portal Marketing Case Study: Staying Safe and Preventing Post-Update...
Patchstack user since: June 2023 Raise your hand if you’ve applied a security update to one of your sites, only to see that something got broken in the process. Hand raised? Don’t worry – it’s a...
Make Things New Case Study: Enabling Peace of Mind with Patchstack
Patchstack user since: March 2023 When you have as much experience in the marketing world as James Traister and his team at Make Things New, you know your priorities. And for this ambitious team,...
Patchstack's Weekly WordPress Vulnerability Overview - May 29 to June 04 2024
Welcome to Patchstack's WordPress vulnerability overview for the week of May 29 to June 04 2024. As the #1 vulnerability processor in the world, Patchstack brings you this report so you can stay safe...
Multiple Vulnerabilities in WooCommerce Amazon Affiliates Plugin
WZone Authenticated Arbitrary Option Update WZone Unauthenticated SQL Injection WZone Authenticated SQL Injection This blog post is about WooCommerce Amazon Affiliates (WZone) plugin vulnerabilities....
Patchstack's Weekly WordPress Vulnerability Overview - June 11 to 18, 2024
Welcome to Patchstack's WordPress vulnerability overview for the week of June 11 - 18, 2024. As the #1 vulnerability processor in the world, Patchstack brings you this report so you can stay safe even...
Patchstack's Weekly WordPress Vulnerability Overview - June 19 to 25, 2024
Welcome to Patchstack's WordPress vulnerability overview for the week of June 19 - 25, 2024. As the #1 vulnerability processor in the world, Patchstack brings you this report so you can stay safe even...
WordPress Core 6.5.5 Security Update - Technical Advisory
WordPress Core Contributor+ Path Traversal (Windows Only) WordPress Core Contributor+ Stored Cross-Site Scripting via template-part WordPress Core Contributor+ Stored Cross-Site Scripting via HTML API...
Polyfill Vulnerability Effect on the WordPress Ecosystem
On the 25th of June 2024, Sansec released a security advisory article regarding the Polyfill supply chain attack. Intro Polyfill.js is a popular JavaScript library that provides modern functionality...
Patchstack's Weekly WordPress Vulnerability Overview - June 26 to July 2, 2024
Welcome to Patchstack's WordPress vulnerability overview for the week of June 26 - July 2, 2024. As the #1 vulnerability processor in the world, Patchstack brings you this report so you can stay safe...