Channel: Patchstack
Browsing all 105 articles

Unauthenticated Stored XSS Vulnerability in LiteSpeed Cache Plugin Affecting...

LiteSpeed Cache: Unauthenticated Stored XSS, 6M+, CVSS 7.1. This blog post is about the LiteSpeed Cache plugin vulnerability, which was originally reported by TaiYou to the Patchstack bug bounty program for...

The Principle Of Least Privilege (POLP) In WordPress

Imagine waking up to find your WordPress site hacked, your business’s reputation tarnished, and revenue plummeting. Scary, right?  Maintaining a high level of security is essential to running a...

The Best WordPress Activity Log Plugins

Are you managing a large WordPress website with the help of a team?  Do you constantly find yourself asking, “Who made this change?” Did someone break your WordPress website, and are you looking to...

Comprehensive WordPress Malware Removal Guide

Performing a WordPress malware removal in a way that you can be sure that it’s clean is not an easy task. That’s why a WordPress malware removal can cost over 150 dollars – and that’s not considering...

Critical Vulnerabilities in Ultimate Membership Pro Plugin

Ultimate Membership Pro: Unauthenticated Privilege Escalation, 40k, CVSS 9.4. Ultimate Membership Pro: Unauthenticated PHP Object Injection, 40k, CVSS 9.0. This blog post is about Ultimate Membership Pro...

Security implications of WordPress repository access restrictions and plugin...

Over the past couple of weeks, we’ve noticed an increasing number of plugins not receiving updates through WordPress.org. Some have been banned and others cannot log in to their WordPress.org accounts...

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin

LiteSpeed Cache: Unauthenticated Privilege Escalation, 6+ million, CVSS 8.1. The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member TaiYou to the...

WordPress Salts: What Are They, How They Work, and How to Use Them

If you have been developing WordPress websites, your eyes might have wandered to the ‘WordPress salts’ section of the wp-config.php file. Have you ever wondered what these salts are and why we need...

Nearly 1000 Plugins Closed During WordPress Security Cleanup

Patchstack is always looking for new ways to make the WordPress ecosystem safer by organizing various events for ethical hackers and security researchers. Our experiments sometimes lead to unexpected...

Critical Account Takeover Patched in Really Simple Security Plugin

Really Simple Security Free: Unauthenticated Account Takeover, 4+ million, CVSS 9.8. Really Simple Security Pro: Unauthenticated Account Takeover, Unknown, CVSS 9.8. Really Simple Security Pro Multisite...

Protect Your Store: The Ultimate WooCommerce Security Checklist

When you get hacked, it’s too late to think about security. However, getting started with securing your WooCommerce store (or the stores you create as a developer) isn’t always easy.  So in this...

Handling plugin security: Interview with LiteSpeed Cache’s Hai Zheng

Today we present an interview with Hai Zheng. Hai works at LiteSpeed Technologies and is a man who chases better code and products tirelessly, so before he knew it, he just happened to learn PHP, JS,...

The 5 Best WordPress Image Optimization Plugins (Tests Included)

Is your website slow? It might be due to high-resolution images. While adding more images to your website makes it more engaging, it also increases its size. This means people with a slow internet...

Unauthenticated Arbitrary File Read Vulnerability in Jobify Theme

Jobify Theme: Unauthenticated Arbitrary File Read, 14k, CVSS 7.5. This blog post is about an unauthenticated arbitrary file read vulnerability on the Jobify theme. If you’re a Jobify user, please delete...

Authenticated RCE Patched in Rank Math SEO plugin

Rank Math SEO plugin: .htaccess File Overwrite, 3+ million, CVSS 7.2. This blog post is about an arbitrary .htaccess file overwrite vulnerability on the Rank Math SEO plugin. If you’re a Rank Math SEO...

The Last WordPress Security Checklist You’ll Ever Read

Is your WordPress site secure? You might think so, but are you prepared for the unexpected? The whitehat researchers at Patchstack found that most WordPress vulnerabilities arise not from the core...

Unauthenticated Privilege Escalation Vulnerability Patched in Sweet Date Theme

Sweet Date Theme: Unauthenticated Privilege Escalation, 10K, CVSS 9.8. This blog post discusses the findings on the Sweet Date theme. If you’re a Sweet Date user, please update the theme to version...

Multiple Critical Vulnerabilities Patched in Woffice Theme

Woffice Theme: Unauthenticated Privilege Escalation, 15k, CVSS 9.8. Woffice Theme: Unauthenticated Broken Authentication, 15k, CVSS 9.8. This blog post is about the Woffice theme vulnerabilities. If you’re a...

Virtual Patches vs. Hackers: Q4 2024’s Most Exploited WordPress Threats

Introduction: WordPress has grown into the world’s most popular content management system (CMS), empowering individuals and businesses to create websites with ease. Its open-source nature has led to...

What to do if your WooCommerce site gets hacked: A 10-step recovery process

Did worse come to worst and you strongly suspect your WooCommerce store got hacked? We’ll check, going through the key signs, then fight the fire to get you back online (safely) ASAP and show you how...
