Browsing all 107 articles
Browse latest View live

NEW: Announcing Patchstack API for Endless Automations

We are excited to announce that the entire Patchstack App is now accessible completely as an API and as of today – all Patchstack Developer accounts can use the API without any extra charge. With more...

View Article


Understanding Cookie Stealing Attacks: How They Work and Their Impact on...

If you stay up to date with cyber security news, you might have heard of Google’s Threat Analysis Group discovering a financially motivated phishing campaign targeting YouTubers. Researchers found...

View Article


How To Protect WordPress Against Cross-Site Scripting Attacks (XSS)

Cross-site scripting (XSS) is an exploitation technique that allows hackers to run arbitrary code on a compromised website. Needless to say, it is a serious risk for any web application, and our...

View Article

How to Configure the X-Frame-Options Header in WordPress

When you visit any website on the internet, the server delivering the web page instructs your browser on how to process this information by passing meta-data called headers. In this post, we’ll...

View Article

Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins

WPLMS Unauthenticated Arbitrary File Upload 28k CVSS 10.0 WPLMS Subscriber+ Arbitrary File Upload 28k CVSS 9.9 WPLMS Student+ Arbitrary File Upload 28k CVSS 9.9 WPLMS Unauthenticated Privilege...

View Article


SQL Injection in WordPress – Everything You Need To Know

If you manage a WordPress website, you may have heard of SQL injection (also known as SQLi), a type of cyberattack. If so, you’ll probably know how ludicrously simple they are – and how devastating....

View Article

How to Fix the WordPress Redirect Hack

As a WordPress site owner, dealing with the aftermath of a redirect hack can be a daunting and frustrating experience. Malicious actors are constantly finding new ways to exploit vulnerabilities and...

View Article

Hardening WordPress – A Checklist To Get Started

These days, spinning up a new WordPress website is quick and easy, but securing it is not so straightforward. In this post, we will cover some of the most critical things that you need to consider...

View Article


Critical Vulnerabilities Found in Fancy Product Designer Plugin

Fancy Product Designer Unauthenticated Arbitrary File Upload 20k CVSS 9.0 Fancy Product Designer Unauthenticated SQL Injection 20k CVSS 9.3 This blog post is about Fancy Product Designer plugin...

View Article


Critical Vulnerability Patched in GiveWP Plugin

GiveWP Unauthenticated PHP Object Injection 100k CVSS 9.8 The vulnerability in the GiveWP plugin was originally reported by Patchstack Alliance community member Edisc from Zalopay Security to the...

View Article

How & Why You Should Remove Unused WordPress Plugins

As a seasoned WordPress developer, you might have spent countless hours perfecting your WordPress site by carefully selecting themes and plugins to create an outstanding experience. But did you stop...

View Article

Interview with Kévin Mosbahi AKA Mika

Today we present an interview with Kévin Mosbahi (most of you probably know him by his nickname – Mika). He lives in France and has been passionate about computers since he was a teenager. Over time he...

View Article

Unauthenticated Privilege Escalation Vulnerability in RH – Real Estate Theme

RealHomes Theme Unauthenticated Privilege Escalation 32K CVSS 9.8 Easy Real Estate Plugin Unauthenticated Privilege Escalation 32K CVSS 9.8 This blog post discusses the findings on the RealHome...

View Article


Privilege Escalation Vulnerability Patched in Better Find and Replace Plugin

Better Find and Replace Privilege Escalation Vulnerability 50k CVSS 8.8 This blog post is about the Better Find and Replace plugin vulnerability. If you’re a Better Find and Replace user, please...

View Article

Rare Case of Privilege Escalation in ASE Plugin Affecting 100k+ Sites

Admin and Site Enhancements (ASE) Privilege Escalation 100k CVSS 7.5 Admin and Site Enhancements (ASE) Pro Privilege Escalation 100k CVSS 7.5 This blog post is about the Admin and Site Enhancements...

View Article


Interview with Dhabaleshwar Das

Today we present an interview with Dhabaleshwar Das. He’s a security professional with 3 years of experience across various domains, including web, network, API, and mobile VAPT, container, and cloud...

View Article

Critical Privilege Escalation Patched in KLEO Theme’s Plugin

K Elements Privilege Escalation 23k CVSS 9.8 This blog post is about the K Elements plugin vulnerability. If you’re a KLEO theme user who is using the K Elements plugin, please update the plugin to at...

View Article


Reflected XSS Patched in Essential Addons for Elementor Affecting 2+ Million...

Essential Addons for Elementor Reflected Cross Site Scripting 2M CVSS 7.1 This blog post is about the Essential Addons for Elementor plugin vulnerability. If you’re an Essential Addons for Elementor...

View Article

The Best WooCommerce Security Plugins

Is your WooCommerce store truly secure? If you cannot confidently say “Yes!” then it is vital to be aware that just one single security breach could easily cripple your business overnight. This can...

View Article

Unauthenticated Arbitrary File Upload Vulnerability in Chaty Pro Plugin

Chaty Pro Unauthenticated Arbitrary File Upload 18K CVSS 10.0 This blog post discusses the findings on the Chaty Pro plugin. This vulnerability is fixed in version 3.3.4 and the vulnerable...

View Article