This update is for week 10 of 2022. It covers high-risk vulnerabilities, the insecure old Freemius library, and additions to the Patchstack database.

Podcast Episode #13
Patchstack Weekly: Vulnerability news and weekly knowledge

Hi Coffigniez, it's time for another Patchstack Weekly update. First, let's go over the important vulnerabilities.

** Limit Login Attempts (Spam Protection)
------------------------------------------------------------
Vulnerability: Unauthenticated SQL Injection (SQLi)
Fixed in version: 5.1
Number of sites affected: 300+
CVSS 3.0 score: 8.6 (High - Can be exploited remotely without any authentication.)

** Narnoo Distributor
------------------------------------------------------------
Vulnerability: Unauthenticated LFI leading to Arbitrary File Read / RCE
Fixed in version: no known fix
Number of sites affected: N/A
CVSS 3.0 score: 7.3 (High - Can be exploited remotely without any authentication.)

If you are using any of the mentioned plugins, you need to update them to the latest version as soon as possible. Websites with Patchstack installed are protected from the security issues mentioned above.

You can find all the vulnerabilities in our vulnerability database (https://patchstack.com/database/).

Weekly knowledge about Freemius library

This week Robert will talk a little more about the Freemius library updates, and about why having a trustworthy ally in the fight to defend your website against attacks matters. This is an important decision to make before you need it, because if you delay then it may be too late to protect sites from compromise. 👇

Read & listen to the episode (https://patchstack.com/articles/patchstack-weekly-week-10-influx-of-new-vulnerabilities-freemius-library/)

Always keep your plugins updated. If possible, enable automatic updates.
You can enable automatic updates with Patchstack here (https://app.patchstack.com/components/updates).

If you are not protecting your WordPress site against plugin vulnerabilities yet, go and start for free here (https://app.patchstack.com/register).

Are you on Facebook? Join the Patchstack community (https://www.facebook.com/groups/patchstackcommunity) and be the first to hear about new feature updates, news, and announcements.

Copyright © 2022 Patchstack, All rights reserved.