Channel: Patchstack
Browsing all 126 articles

Guide to Forcing User Logout in WordPress: When and How

Did you leave your WordPress account logged in on a shared computer? Are you worried that someone is using your account without your permission? Worry no more! Forcing user logout in WordPress is a...

How to Stop WordPress Spam Comments: A Comprehensive Guide

WordPress is a versatile and widely used content management system, and as a result, has become a prime target for spam comments. In this blog post, we'll dive into how to stop WordPress spam...

How To Add Multi-Factor Authentication To WordPress?

Are you worried that a password breach may have compromised your credentials? No matter whether you answered ‘yes’ or ‘no’ to that question, you should still implement multi-factor authentication to...

Critical RCE Patched in Bricks Builder Theme

Bricks Builder Unauthenticated Remote Code Execution (RCE) The vulnerability in the Bricks Builder Theme was originally reported by snicco to the Patchstack bug bounty program for WordPress. We are...

Announcing the Patchstack WordPress Security Weekly Newsletter

When we talk about WordPress websites, we often talk about development. But security is just as crucial. After numerous requests, we've decided to revive our previous security newsletter, taking it...

Understanding XML-RPC in WordPress (What It Is, Security Risks, How to...

What is XML-RPC, and why should you be concerned with disabling it in WordPress? There’s a price to be paid for popularity. While WordPress's phenomenal rise in popularity has resulted in 810 million...

XSS Vulnerability in LiteSpeed Cache Plugin Affecting 4+ Million Sites

LiteSpeed Cache Unauthenticated Site Wide Stored XSS This blog post is about the LiteSpeed plugin vulnerability. If you're a LiteSpeed user, please update the plugin to at least version 5.7.0.1. All...

Critical Vulnerability Found in GOTMLS Plugin

GOTMLS Unauthenticated Predictable Nonce Brute-Force Leading to RCE The vulnerability in the GOTMLS plugin was originally reported by stealthcopter to the Patchstack bug bounty program for WordPress....

Critical Vulnerabilities Patched in WordPress Automatic Plugin

Automatic Unauthenticated Arbitrary SQL Execution Automatic Unauthenticated Arbitrary File Download and SSRF This blog post is about the Automatic plugin vulnerabilities. If you're an Automatic user,...

Critical Vulnerabilities Patched in REHub Theme and Plugin

REHub Theme Unauthenticated Local File Inclusion REHub Theme Subscriber+ SQL Injection REHub Framework Plugin Subscriber+ SQL Injection This blog post is about the REHub theme and plugin...

Unpatched Authenticated RCE in Oxygen and Breakdance Builder

Oxygen Authenticated Remote Code Execution Breakdance Authenticated Remote Code Execution Updates since April 4, 2024 April 6th, 2024 - Patchstack received an email from Oxygen containing a new...

How to Use CAPTCHAs on WordPress to Protect Your Site from Bots and Spammers

According to a report by Imperva Threat Research, bots accounted for 47% of all web traffic in 2022, with 27.7% of them being identified as malicious. That means that one in four visitors to your site...

WordPress File Permissions – The Complete Guide

If you're a WordPress user, then you may already know that WordPress needs certain file permissions to function properly, such as reading, writing, and executing files. If you misconfigure these...

The 12 Best WordPress Form Plugins (Ranked by Quality & Security)

Forms are essential for any website that needs to collect information from visitors, whether it’s for lead generation, feedback, surveys, quizzes, or payments. But with so many WordPress form plugins...

The Best WordPress Backup Plugins and Services in 2024 (Ranked by Security)

Disclaimer: Please note that we always recommend using backup services offered by your hosting provider. Plugin-based solutions should only be used for redundancy or when there is no other option....

High Priority Vulnerabilities Patched in Uncode Core Plugin

Uncode Core Authenticated Arbitrary File and Directory Deletion Uncode Core Authenticated Privilege Escalation This blog post is about the Uncode Core plugin vulnerabilities. If you're a Uncode user,...

The Capabilities of Large Language Models in Executing/Preventing Cyber Attacks

AI has emerged as a transformative force in almost every field, and cybersecurity is no exception. It has found use as a weapon - but also as a shield. At Patchstack we're working on using AI for the...

Critical Vulnerabilities Found in XStore Theme and Plugin

XStore Theme Unauthenticated Local File Inclusion XStore Theme Unauthenticated SQL Injection XStore Theme Authenticated Arbitrary Option Update XStore Core Plugin Unauthenticated SQL Injection XStore...

Exploring the Unknown: Beneath the Surface of Unpatched WordPress SSRF

This is a blog post about research of an additional vulnerability scenario of the root cause that led to the publicly known WordPress Core Blind SSRF. More affected components were found that may...

Interview with Mat Rollings AKA stealthcopter

Today we present an interview with one of our most active community members - Mat Rollings. He's an experienced developer turned application security 'expert.' He loves reviewing code and breaking...
