UPDATE on February 2nd, 2026: Crowdsignal Forms Security Patch for the CVE-2025-69015 released by SudoWP We've collaborated with SudoWP, which released a patched version of the vulnerable Crowdsignal Forms plugin. This unofficial plugin version patches the CVE-2025-69015 (Broken Access Control), modernizes for PHP 8.2+, and enforces strict authorization checks. If you’ve landed on this page, there’s a good chance Jetpack recently flagged your WordPress site with a warning about … [Read more...] about Crowdsignal Forms ≤ 1.7.2 Vulnerability: What Site Owners Need to Know
Blog
How to Fix HTTP redirects to www first HSTS Preload Status warning
A few days ago, one of your clients asked us for some help regarding her site which she and her team was trying to enable HSTS Preload Status and eligibility for Chrome. Even though they had already spent a couple of hours trying to meet all of Chrome's criteria for HSTS preload eligibility, they still failed in some of them. They were using Runcloud to manage their hosting instance, and a Server Side Redirection was created with them, but they still couldn't pass Chrome's Preload Eligibility … [Read more...] about How to Fix HTTP redirects to www first HSTS Preload Status warning
Malware Cleanup of Small WooCommerce Website
Only a few days ago, we were approached by an owner of a small WooCommerce website; it seems like his WordPress website has been infected with malware. As a result, his homepage served pop-ups to the site visitors while his admin logins were compromised and changed. After being locked out from the WordPress Dashboard, the owner searched for a WordPress malware cleanup service, and we were more than happy to take the chance and remove malware from another WordPress site. Below we will write … [Read more...] about Malware Cleanup of Small WooCommerce Website
How to Fix the WP API Returning Invalid User Id Issue
We recently got a client support request for a fix regarding an issue they were constantly experiencing while trying to edit or publish a post on their WordPress news site. It seems that now and then, the Author was locked out of the post and had to re-login to continue editing the post. Every time the Author experienced this glitch, one of the following warnings was displayed on his post-edit page. "Updating failed. The response is not a valid JSON response." or "Updating … [Read more...] about How to Fix the WP API Returning Invalid User Id Issue
The free.xjs.lol Spam Injection WordPress Malware Cleanup
A few days ago, we received a hack removal request for a WordPress website using both Malcare and WordFence; it kept getting hacked and injected with Japanese spam malware repeatedly. The site owner told us that he found two scripts injected into his WordPress site; the first one was located under the site's root directory with the name sw.js, while the other was sitting under wp-includes/js directory with the name font.js. The owner also mentioned that they suspect there is a backdoor which … [Read more...] about The free.xjs.lol Spam Injection WordPress Malware Cleanup
