PSA ‼️ - Due to plugin updates not being available to large amounts of WordPress websites hosted at @wpengine - we are temporarily halting the publishing of new (not yet public) high and medium severity CVEs and security vulnerabilities.
Patchstack
4,506 posts
Patchstack
@patchstackapp
Fastest vulnerability protection for WordPress websites! Official security partner for the leading web hosting companies, agencies, and plugin devs.
Joined May 2016
- Patchstack Alliance is booming! 📈 October broke a record in terms of new vulnerability reports. Now November broke a record of number of ethical hackers participating within a single month! If you're into #security #bugbounty and #WordPress - join us!
- ‼️ We are aware of the vulnerability reported and based on the info we’ve received - it’s a low severity. Users of @wp_acf please keep an eye on the website and follow the instructions below to update to a patched version as soon as it becomes available:This post is unavailable.
- 🎅 revisited Patchstack HQ. He needs you to find more difficult vulns in #WordPress plugins and themes. 📅 When: 17-23 Dec 🛡️ What: SQLi, PHP Object Injection, Insecure Deserialization 📊 CVSS: 7.0+ 📈 Installs: 50+ 🎁 $4700 bounty pool Learn more at patchstack.com/bug-bounty/
- Breaking news! The source code of the world's most popular open-source software, #WordPress, has been leaked online for the first time in over 20 years. Want to know what it all means? Check out Robert Rowley's interview with a famous online personality.
- 👥 A large audience attended Oliver's talk at #WCEU about the State of WordPress Security. 🙏 Thank you, #WordPress community, for all the support! Let's make the Open Source Ecosystem more secure! 🔒
- All @patchstackapp users with protection turned on at #WPengine will continue to receive virtual patches to all of the latest security vulnerabilities as usual. Meanwhile, we hope the situation resolves soon and users are able to update to patched versions ASAP.I want to share: WordPress.org has blocked @wpengine customers from updating and installing plugins and themes via WP Admin—disrupting essential work for #WordPress users, agencies, freelancers, and plugin developers. Please read: wpenginestatus.com/incidents/6401…
- 🎉Big news - we’ve been selected to join Google for Startups Growth Academy for AI in cybersecurity! Joining this program will help us build out our vision for a safer open-source web at a much faster pace🚀 @GoogleStartups #AIforCybersecurity
- PSA: please update your @WordPress to version 6.0.2 - it contains important security fixes for: ⚠️ SQL injection within the Link API ⚠️ XSS vulnerability on the Plugins screen ⚠️ output escaping issue within the_meta() But no need to panic, we'll explain in thread👇
- Our annual WordPress security whitepaper is live! 🐛5,948 new vulnerabilities disclosed in 2023 ⚠️43% of new vulns had high or critical severity 🗑️481 reported plugins removed from WP repo due to unpatched security issues Link in thread!
- Replying to @photomatt and @wpengineWe hope they will do so soon. As of now (based on their status page), the sites hosted with them are not capable of performing any updates yet. We’ll continue to monitor the situation closely and as soon as it resolves will continue to publish/disclose vulnerabilities as usual.
- 💥Our annual WordPress security whitepaper is live! Covering the biggest security challenges @WordPress is facing in 2025, and of course last year’s stats, including: ⚠️7,966 new vulnerabilities found ⚠️33% of vulnerable plugins not fixed in time for disclosure ⚠️1,600+ plugins
