Security Weekly

Weekly website security lessons brought to you by The Admin Bar in partnership with Patchstack

Week 49

Increased Volume of Threats During Holidays

We are just a few days away from the Christmas holidays and many people have already gone on their well-deserved vacations. When companies are understaffed and resources are allocated only to …

Week 48

What Will WordPress Security Look Like in 2025?

I was thinking whether to leave this as the last security weekly, but I reckon that releasing this in the middle of the holidays would most likely not get the attention …

Week 47

Why Use Virtual Patching for WordPress Security?

Virtual patching is a security strategy that involves applying protective measures to the WordPress application without modifying any of the source code (core/plugins/themes). Virtual patches aim to provide a real-time response and …
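To make the idea concrete, here is an added example of what a virtual patch looks like in practice. It is not Patchstack's code and not taken from the article: a small must-use plugin that inspects each request at `init` and either blocks it or demands a capability, leaving the protected plugin's files untouched. The rule ids, the `hypo_export` AJAX action and the `file` parameter are hypothetical; `add_action`, `current_user_can` and `wp_die` are WordPress core functions. Run as a plain PHP script (outside WordPress) it evaluates a few constructed sample requests instead of hooking in.

```php
<?php
// Added example (not Patchstack's code): a minimal "virtual patch" as a
// WordPress must-use plugin. It protects a hypothetical vulnerable endpoint
// without modifying the plugin's own source, so it survives plugin updates
// and can simply be deleted once an upstream fix ships.

declare(strict_types=1);

/**
 * Virtual-patch rules. Each rule matches one request parameter, either by
 * exact value or by regex, and then either requires a capability or blocks.
 */
function vp_rules(): array
{
    return [
        [
            'id'         => 'hypo-export-missing-capcheck', // hypothetical rule id
            'param'      => 'action',
            'value'      => 'hypo_export',                  // hypothetical AJAX action
            'capability' => 'manage_options',               // what the handler forgot to check
        ],
        [
            'id'      => 'hypo-traversal-in-file-param',     // hypothetical rule id
            'param'   => 'file',
            'pattern' => '~(^|[\\\\/])\.\.([\\\\/]|$)~',     // a "../" or "..\" path segment
            'block'   => true,
        ],
    ];
}

/**
 * Decide what to do with one request: 'allow', 'block' or 'require:<cap>'.
 * Pure function over the request array so it can be exercised without WordPress.
 */
function vp_evaluate(array $request, array $rules): string
{
    foreach ($rules as $rule) {
        $value = $request[$rule['param']] ?? null;
        if (!is_string($value)) {
            continue;                       // absent, or an array: rule does not apply
        }
        $matched = isset($rule['value'])
            ? $value === $rule['value']
            : (bool) preg_match($rule['pattern'], $value);
        if (!$matched) {
            continue;
        }
        if (!empty($rule['block'])) {
            return 'block';
        }
        return 'require:' . $rule['capability'];
    }
    return 'allow';
}

if (function_exists('add_action')) {
    // Loaded by WordPress as an mu-plugin: enforce before any plugin handler runs.
    add_action('init', function (): void {
        $verdict = vp_evaluate($_REQUEST, vp_rules());
        if ($verdict === 'block') {
            wp_die('Request blocked by virtual patch.', 'Forbidden', ['response' => 403]);
        }
        if (str_starts_with($verdict, 'require:')
            && !current_user_can(substr($verdict, strlen('require:')))) {
            wp_die('Insufficient permissions.', 'Forbidden', ['response' => 403]);
        }
    }, 0);
} else {
    // Stand-alone run: constructed sample requests, one per rule outcome.
    $samples = [
        ['action' => 'hypo_export'],          // reaches the capability requirement
        ['action' => 'heartbeat'],            // unrelated, passes through
        ['file'   => '../../wp-config.php'],  // blocked outright
        ['file'   => 'report-2024.csv'],      // passes through
    ];
    foreach ($samples as $req) {
        echo json_encode($req), ' => ', vp_evaluate($req, vp_rules()), PHP_EOL;
    }
}
```

Dropping the file into `wp-content/mu-plugins/` activates it without any UI step, and the rules are data rather than code, which is what lets a vendor ship them in near real time while the actual plugin fix is still pending.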

Week 46

What Role Does AI Play in WordPress Security?

We can’t ignore the power of LLMs and AI when it comes to security. At Patchstack, we work closely together with Google and earlier in 2024 we were selected into a Google …

Week 45

Where to get your WordPress plugins and themes?

As of writing this article, it’s a hot topic. Some plugins which have been available in the WordPress.org plugin repository have been moved over to custom distribution systems or to GitHub. Meanwhile, the …

Week 44

What is a CVE?

In previous weeks, we have talked a lot about different security vulnerabilities and linked to their CVE IDs. I realized however, that I have not properly covered what a CVE is and …

Week 43

What is a CVSS score and how to prioritise WordPress vulnerabilities?

You’ve most likely noticed a CVSS score whenever a security vulnerability has been reported to you. CVSS (Common Vulnerability Scoring System) scores are calculated to give a quick understanding of the severity …
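As an added example (not from the article), the calculation behind that number: a CVSS v3.1 base-score calculator with the qualitative severity band, applied to three constructed vector strings in the shapes that WordPress plugin reports usually take. The weights, formulas and the Roundup function are those of the CVSS v3.1 specification published by FIRST; the report names and vectors are made up for the demo.

```php
<?php
// Added example, not from the article: CVSS v3.1 base score and severity band.
// Weights, formulas and Roundup follow the CVSS v3.1 specification (FIRST);
// the sample vectors at the bottom are constructed for this demo.

declare(strict_types=1);

// Metric weights from the specification. PR depends on Scope: [S:U, S:C].
const CVSS31_W = [
    'AV' => ['N' => 0.85, 'A' => 0.62, 'L' => 0.55, 'P' => 0.20],
    'AC' => ['L' => 0.77, 'H' => 0.44],
    'UI' => ['N' => 0.85, 'R' => 0.62],
    'C'  => ['H' => 0.56, 'L' => 0.22, 'N' => 0.0],
    'I'  => ['H' => 0.56, 'L' => 0.22, 'N' => 0.0],
    'A'  => ['H' => 0.56, 'L' => 0.22, 'N' => 0.0],
];
const CVSS31_PR = ['N' => [0.85, 0.85], 'L' => [0.62, 0.68], 'H' => [0.27, 0.50]];
const CVSS31_ALLOWED = [
    'AV' => 'NALP', 'AC' => 'LH', 'PR' => 'NLH', 'UI' => 'NR',
    'S'  => 'UC',   'C'  => 'HLN', 'I' => 'HLN', 'A' => 'HLN',
];

/** Parse "CVSS:3.1/AV:N/AC:L/..." into ['AV' => 'N', ...], rejecting malformed input. */
function cvss31_parse(string $vector): array
{
    $parts = explode('/', trim($vector));
    if (array_shift($parts) !== 'CVSS:3.1') {
        throw new InvalidArgumentException('Not a CVSS v3.1 vector string');
    }
    $m = [];
    foreach ($parts as $part) {
        [$k, $v] = array_pad(explode(':', $part, 2), 2, '');
        $m[$k] = $v;
    }
    foreach (CVSS31_ALLOWED as $k => $allowed) {
        if (!isset($m[$k]) || strlen($m[$k]) !== 1 || !str_contains($allowed, $m[$k])) {
            throw new InvalidArgumentException("Missing or invalid base metric $k");
        }
    }
    return $m;
}

/** Roundup from the spec's Appendix A: smallest one-decimal value >= $x, done on integers. */
function cvss31_roundup(float $x): float
{
    $i = (int) round($x * 100000);
    if ($i % 10000 === 0) {
        return $i / 100000;
    }
    return (floor($i / 10000) + 1) / 10;
}

/** Base score for a v3.1 vector string. */
function cvss31_base_score(string $vector): float
{
    $m = cvss31_parse($vector);
    $changed = $m['S'] === 'C';

    $iss = 1 - (1 - CVSS31_W['C'][$m['C']]) * (1 - CVSS31_W['I'][$m['I']]) * (1 - CVSS31_W['A'][$m['A']]);
    $impact = $changed
        ? 7.52 * ($iss - 0.029) - 3.25 * (($iss - 0.02) ** 15)
        : 6.42 * $iss;
    $exploitability = 8.22 * CVSS31_W['AV'][$m['AV']] * CVSS31_W['AC'][$m['AC']]
        * CVSS31_PR[$m['PR']][$changed ? 1 : 0] * CVSS31_W['UI'][$m['UI']];

    if ($impact <= 0) {
        return 0.0;                         // no impact at all scores zero regardless of exploitability
    }
    $raw = $changed ? 1.08 * ($impact + $exploitability) : $impact + $exploitability;
    return cvss31_roundup(min($raw, 10.0));
}

/** Qualitative severity rating (spec section 5): the usual triage bucket. */
function cvss31_severity(float $score): string
{
    if ($score == 0.0) { return 'None'; }
    if ($score < 4.0)  { return 'Low'; }
    if ($score < 7.0)  { return 'Medium'; }
    if ($score < 9.0)  { return 'High'; }
    return 'Critical';
}

// Constructed vectors in shapes common to WordPress plugin reports:
// unauthenticated RCE, subscriber-level privilege escalation, reflected XSS.
$reports = [
    'unauthenticated RCE'  => 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H',
    'subscriber+ priv-esc' => 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H',
    'reflected XSS'        => 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N',
];
$scored = array_map('cvss31_base_score', $reports);
arsort($scored);                             // highest first: the order to patch in
foreach ($scored as $name => $score) {
    printf("%-22s %4.1f  %s\n", $name, $score, cvss31_severity($score));
}
```

Two details matter when you prioritise from these numbers: the PR weight rises when Scope is changed, so an authenticated bug that escapes its component scores higher than the same bug contained in it, and the score is a base score only, so a 6.1 reflected XSS on a site with administrators who click links may deserve a faster response than the band alone suggests.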

Week 42

What is a CSV Injection Vulnerability?

CSV Injection is a rare and somewhat controversial vulnerability class which has been found in fewer than 100 WordPress plugins over recent years. In the Patchstack bug bounty program, where security researchers …

Week 41

What is an Arbitrary File Upload Vulnerability?

Arbitrary File Upload vulnerabilities are among the most dangerous security flaws in the WordPress ecosystem. These vulnerabilities allow malicious users to upload files that can execute harmful code on …
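The shape of the bug and of its fix, as an added example that is not from the article and not any real plugin: a WordPress upload handler that trusts the client-supplied filename, beside a hardened one that checks the caller's capability, allowlists extensions, sniffs the uploaded bytes with PHP's `finfo` (libmagic) and stores under a server-chosen name. The `hypo_` names are hypothetical; `current_user_can` and `wp_upload_dir` are WordPress core, and `$file` has the shape of one `$_FILES` entry. Run outside WordPress it exercises the validation against two constructed files.

```php
<?php
// Added example (not from the article or any named plugin): vulnerable and
// hardened upload handling. "hypo_" names are hypothetical; current_user_can()
// and wp_upload_dir() are WordPress core; $file is one $_FILES entry.

declare(strict_types=1);

// VULNERABLE: no capability check, destination taken from the client name.
// Posting "shell.php" puts a PHP file in a web-served directory, and the next
// GET request to it is remote code execution.
function hypo_handle_upload_vulnerable(array $file, string $upload_dir): string
{
    $dest = $upload_dir . '/' . basename($file['name']);
    move_uploaded_file($file['tmp_name'], $dest);
    return $dest;
}

// Allowlist: extension the server will store under => MIME type the bytes must have.
const HYPO_ALLOWED = [
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];

/**
 * Validate the uploaded bytes against the client name. Returns the extension
 * to store under, or null to reject. Takes a path rather than $_FILES so it
 * can be tested without WordPress.
 */
function hypo_validate_upload(string $client_name, string $tmp_path): ?string
{
    // Only the last extension counts and it must be allowlisted, so
    // "shell.php", "shell.phtml", "shell.PHP" and "shell.php." are all rejected.
    $ext = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
    if (!isset(HYPO_ALLOWED[$ext])) {
        return null;
    }
    // Sniff the real content; $_FILES['type'] is client-controlled and never consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($tmp_path);
    if ($mime !== HYPO_ALLOWED[$ext]) {
        return null;                        // e.g. PHP source renamed to avatar.png
    }
    return $ext;
}

// HARDENED: capability, upload status, content validation, random server-side name.
function hypo_handle_upload_hardened(array $file, string $upload_dir): ?string
{
    if (!current_user_can('upload_files')) {
        return null;
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $ext = hypo_validate_upload($file['name'], $file['tmp_name']);
    if ($ext === null) {
        return null;
    }
    // No path components and no double extensions can come from the client now.
    $dest = $upload_dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest) ? $dest : null;
}

if (!function_exists('wp_upload_dir')) {
    // Stand-alone run: constructed files, a PNG signature and a PHP web shell.
    $tmp   = sys_get_temp_dir();
    $png   = $tmp . '/hypo-ok.bin';
    $shell = $tmp . '/hypo-bad.bin';
    file_put_contents($png, "\x89PNG\r\n\x1a\n" . str_repeat("\0", 16));
    file_put_contents($shell, "<?php system(\$_GET['c']); ?>");

    var_dump(hypo_validate_upload('avatar.png', $png));    // real PNG, allowed name
    var_dump(hypo_validate_upload('avatar.png', $shell));  // PHP bytes behind a .png name
    var_dump(hypo_validate_upload('shell.php', $png));     // extension not allowlisted

    unlink($png);
    unlink($shell);
}
```

Defence in depth still applies: even with this validation, the upload directory should be served with PHP execution disabled at the web server, so a bypass of the allowlist yields a stored file rather than a shell.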

Week 40

What is Privilege Escalation Vulnerability?

Privilege Escalation occurs when a lower-privileged or unauthenticated user can perform an action that escalates their current privilege to a higher level. These vulnerabilities allow attackers to gain elevated access to a …
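An added example of the pattern described, not from the article and not any real plugin: a WordPress AJAX "save profile" handler that takes the role from the request, which lets any Subscriber make themselves an Administrator, beside the hardened handler with a nonce, a capability check and a role allowlist. The `hypo_` names are hypothetical; `add_action`, `check_ajax_referer`, `current_user_can`, `get_editable_roles`, `wp_get_current_user`, `get_userdata`, `wp_send_json_success`, `wp_send_json_error` and `WP_User::set_role` are WordPress core. Outside WordPress the file runs the pure authorisation check against constructed capability maps.

```php
<?php
// Added example (not from the article, not a real plugin): privilege
// escalation through a role field, vulnerable and hardened. "hypo_" names
// are hypothetical; everything else is WordPress core.

declare(strict_types=1);

// VULNERABLE: no nonce, no capability check, role copied from the request.
// A Subscriber posting action=hypo_save_profile&role=administrator becomes
// an administrator. Registering it on wp_ajax_nopriv_ as well would make it
// reachable by unauthenticated visitors.
function hypo_save_profile_vulnerable(): void
{
    $user = wp_get_current_user();
    $user->set_role(sanitize_text_field($_POST['role'] ?? 'subscriber'));
    wp_send_json_success();
}

/**
 * Pure authorisation check used by the hardened handler. $actor_caps is the
 * actor's capability map (cap => bool, as in WP_User::$allcaps), $editable
 * the role slugs the actor is permitted to hand out.
 */
function hypo_can_assign_role(array $actor_caps, array $editable, string $role): bool
{
    if (empty($actor_caps['promote_users'])) {
        return false;                       // only users who may promote others
    }
    return in_array($role, $editable, true); // and only roles they may assign
}

// HARDENED: CSRF token, explicit target user, capability and role allowlist.
function hypo_save_profile_hardened(): void
{
    check_ajax_referer('hypo_save_profile', 'nonce');

    $actor     = wp_get_current_user();
    $role      = sanitize_key($_POST['role'] ?? '');
    $target_id = absint($_POST['user_id'] ?? 0);
    $editable  = array_keys(get_editable_roles()); // roles this actor may assign

    if (!hypo_can_assign_role($actor->allcaps, $editable, $role)
        || !current_user_can('edit_user', $target_id)) {
        wp_send_json_error('Not allowed', 403);
    }
    $target = get_userdata($target_id);
    if (!$target) {
        wp_send_json_error('No such user', 404);
    }
    $target->set_role($role);
    wp_send_json_success();
}

if (function_exists('add_action')) {
    // Logged-in hook only; role changes never belong on wp_ajax_nopriv_.
    add_action('wp_ajax_hypo_save_profile', 'hypo_save_profile_hardened');
} else {
    // Stand-alone run: constructed capability maps for a subscriber and an admin.
    $subscriber = ['read' => true];
    $admin      = ['read' => true, 'promote_users' => true, 'edit_users' => true];
    $editable   = ['subscriber', 'contributor', 'author', 'editor', 'administrator'];

    var_dump(hypo_can_assign_role($subscriber, $editable, 'administrator')); // self-promotion attempt
    var_dump(hypo_can_assign_role($admin, $editable, 'editor'));             // admin assigning a normal role
    var_dump(hypo_can_assign_role($admin, $editable, 'super_admin'));        // role outside the allowlist
}
```

The nonce alone is not the fix: it stops cross-site requests, but the Subscriber in the scenario is logged in and can fetch a valid nonce from their own page, so the capability check and the allowlist are what actually close the escalation.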

Week 39

What is a Sensitive Data Exposure Vulnerability?

Imagine that you receive an email from your favorite service provider saying that there was an attempt to access your account. Or a phishing email in your inbox on behalf of your …

Week 38

What is a Remote Code Execution vulnerability?

The legendary Remote Code Execution is an uncommon but critical security vulnerability that allows an attacker to run arbitrary code or command line commands on a server or application remotely. In the …
