
Increased Volume of Threats During Holidays
We are just a few days away from the Christmas holidays and many people have already gone on their well-deserved vacations. When companies are understaffed and resources are allocated only to …

What Will WordPress Security Look Like in 2025?
I was thinking whether to leave this as the last security weekly, but I reckon that releasing this in the middle of the holidays will most likely not get the attention …

Why Use Virtual Patching for WordPress Security?
Virtual patching is a security strategy that involves applying protective measures to the WordPress application without modifying any of the source code (core/plugins/themes). Virtual patches aim to provide a real-time response and …

What Role Does AI Play in WordPress Security?
We can’t ignore the power of LLMs and AI when it comes to security. At Patchstack, we work closely together with Google and earlier in 2024 we were selected into a Google …

Where to get your WordPress plugins and themes?
As of writing this article, it’s a hot topic. Some plugins which have been available on the WordPress.org plugins repository have been moved over to custom distribution systems or to GitHub. Meanwhile, the …

What is a CVE?
In previous weeks, we have talked a lot about different security vulnerabilities and linked to their CVE IDs. I realized however, that I have not properly covered what a CVE is and …

What is a CVSS score and how to prioritise WordPress vulnerabilities?
You’ve most likely noticed a CVSS score whenever a security vulnerability has been reported to you. CVSS (Common Vulnerability Scoring System) scores are calculated to give a quick understanding of the severity …

What is a CSV Injection Vulnerability?
CSV Injection is a rare and somewhat controversial vulnerability which has been found in fewer than 100 WordPress plugins over the recent years. In the Patchstack bug bounty program, where security researchers …

What is an Arbitrary File Upload Vulnerability?
Arbitrary File Upload vulnerabilities are among the most dangerous security flaws in the WordPress ecosystem. These vulnerabilities allow malicious users to upload files that can execute harmful code on …

What is a Privilege Escalation Vulnerability?
Privilege Escalation occurs when a lower-privileged or unauthenticated user can perform an action that escalates their current privilege to a higher level. These vulnerabilities allow attackers to gain elevated access to a …

What is a Sensitive Data Exposure Vulnerability?
Imagine that you receive an email from your favorite service provider saying that there was an attempt to access your account. Or a phishing email in your inbox on behalf of your …

What is a Remote Code Execution vulnerability?
The legendary Remote Code Execution is an uncommon but critical security vulnerability that allows an attacker to run arbitrary code or command line commands on a server or application remotely. In the …