Learn about the steps we took to uncover and neutralize a malware infection redirecting WordPress traffic to dangerous URLs.
Discover the details of the critical vulnerability CVE-2024-8353 in GiveWP donation plugin for WordPress and the potential impact on your website.
Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.
Over 7,100 WordPress sites have been hit by the 'Balada Injector' malware, which exploits sites using a vulnerable version of the Popup Builder plugin
Discover the latest waves of the ongoing Balada Injector malware campaign targeting unpatched tagDiv premium WordPress themes. Dive into the technical details of the injected scripts, explore their functionality, and understand the potential threats they pose to site administrators.
Akamai researchers have identified a new Magecart-style skimmer campaign that hides behind legitimate website domains to steal PII and credit card information.
Gravity Forms, a popular WordPress plugin, has been found vulnerable to
unauthenticated PHP Object Injection attacks.
This blog post is about the Essential Addons for Elementor plugin vulnerability. If you’re a Essential Addons for Elementor user, please update the plugin to at least version 5.7.2. Patchstack Developer and Business plan users are protected from the vulnerability. You can also sign up for the Patchstack Community plan to be notified about vulnerabilities […]
Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Advanced Custom Fields PRO Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 6.1.6.
