Critical Vulnerabilities Found in Fancy Product Designer Plugin

Fancy Product Designer Unauthenticated Arbitrary File Upload Fancy Product Designer Unauthenticated SQL Injection This blog post is about Fancy Product Designer plugin vulnerabilities. If you’re a Fancy Product Designer user, please delete or deactivate the plugin until the patch is released by the vendor. If you are a Patchstack customer, [...]

Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins

WPLMS Unauthenticated Arbitrary File Upload WPLMS Subscriber+ Arbitrary File Upload WPLMS Sutedent+ Arbitrary File Upload WPLMS Unauthenticated Privilege Escalation WPLMS Subscriber+ Privilege Escalation WPLMS Unauthenticated SQL Injection WPLMS Subscriber+ SQL Injection VibeBP Unauthenticated Privilege Escalation VibeBP Unauthenticated SQL Injection VibeBP Subscriber+ SQL Injection This blog post is about the WPLMS [...]

Multiple Critical Vulnerabilities Patched in Woffice Theme

Woffice Theme Unauthenticated Privilege Escalation Woffice Theme Unauthenticated Broken Authentication This blog post is about the Woffice theme vulnerabilities. If you’re a Woffice user, please update the theme to at least version 5.4.15. Patchstack customers are protected from this vulnerability, and no immediate action is needed from you. For plugin [...]

Privilage Escalation Vulnerability Patched in Sweet Date Theme

This blog post discusses about the findings on the Sweet Date theme. If you’re a Sweet Date user, please update the theme to version 3.8.0 or higher. All paid Patchstack users are protected from this vulnerability. Sign up for the free Community account first, to scan for vulnerabilities and apply [...]

Authenticated RCE Patched in Rank Math SEO plugin

Rank Math SEO plugin .htaccess File Overwrite This blog post is about an arbitrary .htaccess file overwrite vulnerability on the Rank Matho SEO plugin. If you’re a Rank Math SEO plugin user, please update the plugin to the latest version or at least to the version 1.0.232. All paid Patchstack [...]

Unauthenticated Arbitrary File Read Vulnerability in Jobify Theme

Jobify Theme Unauthenticated Arbitrary File Read This blog post is about an unauthenticated arbitrary file read vulnerability on the Jobify theme. If you’re a Jobify user, please delete or deactivate the theme until the patch is released by the vendor. All paid Patchstack users are protected from this vulnerability. Sign [...]

Critical Account Takeover Patched in Really Simple Security Plugin

Really Simple Security Free Unauthenticated Account Takeover Really Simple Security Pro Unauthenticated Account Takeover Really Simple Security Pro Multisite Unauthenticated Account Takeover This blog post is about the Realy Simple Security plugin vulnerability. If you’re a Realy Simple Security user, please update the free, pro, and pro multisite plugin to [...]

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin

LiteSpeed Cache Unauthenticated Privilege Escalation The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member TaiYou to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This blog post is about the [...]

Security implications of WordPress repository access restrictions and plugin closures

Over the past couple of weeks, we’ve noticed an increasing number of plugins not receiving updates through WordPress.org. Some have been banned and others cannot log in to their WordPress.org accounts due to the new login requirement under the checkbox “I am not affiliated with WP Engine in any way, [...]

Critical Vulnerabilities in Ultimate Membership Pro Plugin

Ultimate Membership Pro Unauthenticated Privilege Escalation Ultimate Membership Pro Unauthenticated PHP Object Injection This blog post is about Ultimate Membership Pro plugin vulnerabilities. If you’re an Ultimate Membership Pro user, please update the theme and plugin to version 12.8 or higher. All paid Patchstack users are protected from this vulnerability. [...]

Stored XSS Vulnerability in LiteSpeed Cache Plugin

This blog post is about the LiteSpeed Cache plugin vulnerability which is originally reported by TaiYou to the Patchstack bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. If you’re a LiteSpeed Cache user, please update the plugin to [...]

Unpatched SQL Injection Vulnerability in TI WooCommerce Wishlist Plugin

This blog post is about an unauthenticated SQL injection vulnerability on the TI WooCommerce Wishlist plugin. If you’re a TI WooCommerce Wishlist user, deactivate and delete the plugin since there is no patched version available. All paid Patchstack users are protected from this vulnerability. Sign up for the free Community [...]

Critical Vulnerabilities Found in Fancy Product Designer Plugin

Multiple Critical Vulnerabilities Patched in WPLMS and VibeBP Plugins

Multiple Critical Vulnerabilities Patched in Woffice Theme

Privilage Escalation Vulnerability Patched in Sweet Date Theme

Authenticated RCE Patched in Rank Math SEO plugin

Unauthenticated Arbitrary File Read Vulnerability in Jobify Theme

Critical Account Takeover Patched in Really Simple Security Plugin

Rare Case of Privilege Escalation Patched in LiteSpeed Cache Plugin

Security implications of WordPress repository access restrictions and plugin closures

Critical Vulnerabilities in Ultimate Membership Pro Plugin

Stored XSS Vulnerability in LiteSpeed Cache Plugin

Unpatched SQL Injection Vulnerability in TI WooCommerce Wishlist Plugin

Need help with your WordPress site?

SOCAIL MEDIEA

USEFUL LINKS

CONTACT INFO

Servicing Australia
Phone: 1300 092 860

MORE INFO

Category: Vulnerabilities

Need help with your WordPress site?

CONTACT INFO

Servicing Australia Phone: 1300 092 860

MORE INFO

Servicing Australia
Phone: 1300 092 860