Welcome back to the Patchstack Weekly Security Update! This update is for week 25 of 2022.

This week's knowledge share will include some tips for WordPress site owners on what to look out for when choosing plugins.

I will also share vulnerability news, with one critical issue to discuss which may have already been patched, as well as highlighting the concerning trend of security bugs not receiving patches.

Welcome back to the Patchstack Weekly Security Update! This update is for week 24 of 2022.

This week I will cover two high risk unauthenticated vulnerabilities, one could allow attackers to reset an any user's password (including admin users) and the other could arbitrarily delete files from websites running insecure versions of the plugin.

Thankfully both have been patched, so now it's up to site owners to apply that patch as soon as they can.

In this week's knowledge share, i will talk about a WordPress specific security bug. This security bug only applies to WordPress websites, because it has to do with the risks involved if users are able to update, or change values in the wp_options table.

If you're curious what could go wrong if attackers can update the options table values, stick around for this week's knowledge share.

Welcome back to the Patchstack Weekly security update! This update is for week 23 of 2022.

It is the beginning of June, and WordCamp Europe is underway as I write this. WordCamps are the in-person community events for the WordPress community, and WordCamp Europe 2022 is the largest to be run in the last 2 years. This is a sign of the return of, and importance of community events.

So, on that note, this week's weekly knowledge share will be about community (and I will have a special announcement at the end.)

I will start with this week's vulnerability news first though, which will be about two vulnerabilities in WordPress plugins of which neither have a security patch available at this time.

Welcome back to the Patchstack Weekly security update! This update is for week 22 of 2022.

This week there is only one high-risk security bug patched to report on in the vulnerability news.

During this week's knowledge share I will talk about the incident response plan and the importance of having it ready for worst-case scenarios. Because having a plan will help you turn bad situations into learning experiences.

Welcome back to the Patchstack Weekly security update! This update is for week 21 of 2022.

In this week's knowledge share, I will talk more about communicating security. But, not too much, because this week I will talk about over-communicating security, also known as alert fatigue.

Of course, I will start with a few notable security bug fixes added to the Patchstack Database in this week's vulnerability news.

Welcome back to the Patchstack Weekly security update! This update is for week 20 of 2022.

This week I will talk about the importance of communication and how to communicate security when it comes to security issues. Starting from developers needing to communicate security bugs being patched and ending with how Patchstack partners are experiencing some great successes by integrating Patchstack's WordPress vulnerability intelligence API into their products. I'll tell you how and why later, in this week's knowledge share.

But first, the week's vulnerability news. Starting with announcing the winners of the Patchstack Alliance's WordPress bug hunt contest, and a heads up about two unauthenticated SQL injection security bugs one patched, one not.

Welcome back to the Patchstack Weekly security update! This update is for week 19 of 2022 and is about secure AJAX endpoints and WordPress vulnerabilities.

This week in vulnerability news, I will share two WordPress plugins with security bugs that have no patch available.

One could lead to tricking logged-in users to run arbitrary code on websites, and the other could lead to unauthenticated SQL injection.

And I have a bit of breaking news to add, it was just reported by Portswigger that it appears WordPress websites with incomplete installations are being targeted shortly after being set up.

In this week's knowledge share, I will talk about securing WordPress AJAX endpoints.

Why it is important to secure AJAX endpoints? How to spot which functions need more attention from secure code review, and how to do security testing with a tool I guarantee you probably already have installed.

I will share this tool's information in the weekly knowledge share.

Welcome back to the Patchstack Weekly Security Update! This update is for week 18 of 2022.

This week I will talk about an obscure vulnerability, something that is commonly overlooked and missed by developers, bug bounty hunters, and security researchers alike. PHP Object Injection, also known as Insecure Unserialize.

I will get started with this week's vulnerability news like always, we have a handful of vulnerabilities I would like to share with you. Including one report of, you guessed it PHP Object Injection.

Welcome back to the Patchstack Weekly security update! This update is for week 17 of 2022.

This week I have a handful of vulnerabilities to share with you. Including 3 unauthenticated SQL injection security bugs that were patched, and 3 security bugs that could lead to files being uploaded to websites running these affected plugins.

In this week's weekly knowledge share, I'm going to be talking about Egoless programming. A concept, introduced over 50 years ago, and an extremely helpful topic to cover when it comes to handling security bug reports.

Welcome back to the Patchstack Weekly security update! This update is for week 16 of 2022 and is about the power of transparency in open source, and how anyone can utilize this transparency to learn secure code review.

This week I will talk about the power of transparency in open source as it pertains to security, and how anyone, including you, can utilize this transparency to learn secure code review.

There are a lot of vulnerabilities to discuss this week as well. With some versions of Elementor being affected by an authenticated high-risk vulnerability, a development/design firm that patched many of their projects, and 9 unauthenticated SQL injection security bugs (5 with patches, and 4 without) so let's talk vulns.