This blog post discusses about the findings on the Houzez theme and the Houzez Login Register plugin that comes pre-installed with the theme. If you’re a Houzez user, please update the theme and the Houzez Login Register plugin to version 3.3.0 or higher. All paid Patchstack users are protected from [...]
This blog post is about ListingPro theme vulnerabilities. If you’re a ListingPro user, please update the theme and plugin to version 2.9.5 or higher. All paid Patchstack users are protected from this vulnerability. Sign up for the free Community account first, to scan for vulnerabilities and apply protection for only [...]
This blog post is about the LiteSpeed plugin vulnerability. If you’re a LiteSpeed user, please update the plugin to at least version 6.5.0.1. Sign up to Patchstack for free to be first to know about vulnerabilities and automatically protect your website for only $5 / site per month or all [...]
Stay informed on the latest WordPress vulnerabilities with Patchstack's insights. Learn about affected plugins, severity, and recommended actions. [...]
The vulnerability in the LiteSpeed Cache plugin was originally reported by Patchstack Alliance community member John Blackbourn to the Patchstack Zero Day bug bounty program for WordPress. We are collaborating with the researcher to release the content of this security advisory article. This vulnerability has been rewarded the highest bounty [...]
This blog post is about the WP Time Capsule plugin vulnerability. If you’re a WP Time Capsule plugin user, please update to at least version 1.22.21. All paid Patchstack users are protected from this vulnerability. Sign up for the free Community account first, to scan for vulnerabilities and apply protection [...]
On the 25th of June 2024, Sansec released a security advisory article regarding the Polyfill supply chain attack. Intro Polyfill.js is a popular JavaScript library that provides modern functionality on older browsers that do not natively support it. The implementation of Polyfill.js is mostly attached to an HTML tag as [...]
WordPress Core Contributor+ Path Traversal (Windows Only) WordPress Core Contributor+ Stored Cross-Site Scripting via template-part WordPress Core Contributor+ Stored Cross-Site Scripting via HTML API On the 24th of June 2024, WordPress.org released a security update and recommended users update their sites as soon as possible. This WordPress core 6.5.5 security [...]
This blog post is about WooCommerce Amazon Affiliates (WZone) plugin vulnerabilities. If you’re a WooCommerce Amazon Affiliates (WZone) user, please deactivate and delete the plugin since there is still no known patched version. All paid Patchstack users are protected from this vulnerability. Sign up for the free Community account first, [...]
Slider Revolution came to us with a request to audit their product for potential vulnerabilities since they wanted to make sure that their users’ websites were not vulnerable to an attack. This blog post discusses our audit findings, which we have been authorized to publicize. If you’re a Slider Revolution [...]
