Welcome back to the Patchstack Weekly Security Update! This update is for week 15 of 2022 and will talk about WordPress security history.

This week is a special episode. There were not many critical vulnerabilities to cover this week. So I will skip the vulnerability news and share with you, a lesson about WordPress security history over the last 18 years. My hope is that by knowing this history, we can learn some lessons along the way.

Of course, there were some interesting vulnerabilities this week. If you would like to check them out, please go to the Patchstack Database.

Welcome back to the Patchstack Weekly security update! This update is for week 14 of 2022 and I will talk about the first 5 steps to a secure WordPress.

This week has a lot of vulnerability news to cover, and I will be sharing it as a 3-2-1 punch of 3 plugins that received no patch for security bugs, 2 premium plugins that patch critical security bugs, and 1 public exploit already being shared for a Local File Inclusion vulnerability.

In this week's knowledge share, I will talk about the first 5 steps of WordPress security. These steps are not the only steps you should take for security, they are the steps you should be taking when you are first setting up a WordPress website from scratch, to ensure it is secure from day 1. I will add a bonus step for bare basic security maintenance.

Welcome back to the Patchstack Weekly security update! This update is for week 13 of 2022.

This week, I will talk about two high-risk vulnerabilities in two WordPress plugins with one big difference: One was patched, one was not.

In this week's knowledge share I will share some new WP-CLI Security commands that were just added. I hope you've heard of WP-CLI, if not, then you are in for a nice surprise!

Welcome back to the Patchstack Weekly Security Update! This update is for week 12 of 2022.

This week in WordPress-related vulnerabilities, I will talk about 3 plugins that have each been patched due to high-risk security bugs found in their code.

I will also provide an update on the insecure Freemius library situation, and share some possible expectations for what will happen in the next few weeks.

I will then talk about defensive coding strategies for a common security bug in this week's knowledge share. A serious security bug we saw a lot of in WordPress themes in 2021 according to our whitepaper: arbitrary file upload.

Welcome back to the Patchstack Weekly security update! This update is for week 11 of 2022. This week is all about plugin vulnerabilities and the State of WordPress Security 2021 whitepaper.

There is some big news this week, but really I should say last week. Patchstack released our State of WordPress Security Whitepaper for 2021 on March 9th or last Wednesday.

I will be giving a short summary of some high points in this week's knowledge share, but if you would like to read the whole thing you can view it on patchstack.com for free, no email or registration is required.

Before I talk about WordPress security from 2021 … I need to tell you about this week's vulnerability news, which includes a WordPress core security release (5.9.2) and five WordPress plugins that patched high-risk security bugs in them in the last week. Emphasis on high risk too, they require no authentication for an attack to be successful.

Welcome back to the Patchstack Weekly Security Update! This update is for week 9 of 2022 it is the beginning of March.

In this week I will cover a few high-risk vulnerabilities found in WordPress components, give an update on the insecure old Freemius library situation and discuss last month's additions to the Patchstack database.

Welcome back to the Patchstack Weekly security update! This update is for week 8 of 2022 and focuses on insecure libraries.

This week has been a heavy news week for the world, and open-source, specifically WordPress security concerns were no exception.

There are 5 plugins that have released patches for serious vulnerabilities this week, as well as over 800 plugins that Patchstack recently identified as including insecure libraries used in their codebase. So, I will keep a lot of this week's updates fairly brief.

A quick note on the more serious news which is still unfolding in Ukraine. Patchstack has set up a hub for businesses and security experts who are looking to help Ukrainian NGOs during this troubling time. If you would like to learn more, please check out UACyberHelp.com

In this week's knowledge share, I will talk about insecure libraries. This specific library is being used by hundreds of WordPress plugins, what the developers can do about it, and what site owners can do to check if they are affected.

Welcome back to the Patchstack Weekly security update! This update is for week 8 of 2022 and will dive into several vulnerabilities and talk about vulnerability risks.

This week's vulnerability news will have a lot to cover. One WordPress plugin had a vulnerability so severe the WP.org team initiated an auto-update for all installations. Another WordPress plugin patched 7 security bugs over 2 releases, and WordPress core had a vulnerability disclosed publicly before they could release a patch.

With so much news to cover about vulnerabilities, I think it is a good week to discuss vulnerability severity and how all vulnerabilities are not equal. In this week's knowledge share I will talk about what makes some vulnerabilities more or less severe than others, and how you can use this knowledge to prioritize patching time.

Welcome back to the Patchstack Weekly security update! This update is for week 6 of 2022.

Last week, two high severity vulnerabilities were patched by the developers of WP Spell Check and Revolut Gateway for WooCommerce.

Both of these plugins patched unauthenticated SQL injection vulnerabilities, so that will be the topic of this week's knowledge share.

Welcome back to the Patchstack Weekly security update! It is the beginning of February and this update is for the fifth week of 2022.

This week I will share some of the core principles of open-source software development and how security researchers participate in them, as well explaining why open source projects should always have a vulnerability disclosure policy and what makes a good vulnerability disclosure policy.

This week in WordPress component patches news, there are three critical vulnerabilities I will highlight in three plugins: So let's get into it.