Save the date! 💥WP Legends & Gautam Khorana are hosting a live security panel discussion featuring Oliver Sild (Patchstack), Ben Gabler (Hosting.com) and Ryan McCue (Human Made) 📅When? January 23rd - 10am EST/3pm GMT GREAT chance to ask anything you'd possibly want to know about security & WordPress 🤓 👇 Register using the link below! https://lnkd.in/d5BHK32k
Patchstack
Computer and Network Security
Parnu, Province / State 6,003 followers
Patchstack helps web developers to easily secure web apps from third-party component vulnerabilities.
About us
Patchstack is the leader in open source software vulnerability intelligence, covering the entire lifecycle from detection to mitigation.
- Website: https://patchstack.com
- Industry: Computer and Network Security
- Company size: 11-50 employees
- Headquarters: Parnu, Province / State
- Type: Privately Held
- Founded: 2021
- Specialties: Website Security, Website Monitoring, Web Application Security, Web Application Monitoring, Cyber Security, Cyber Security Platform, Web Security Platform, and Website Security Platform
Locations
- Primary: Akadeemia 1, Forwardspace, 1, Parnu, Province / State 80011, EE
Updates
-
🚨 Active exploitation alert for WordPress site owners 🚨 A critical unauthenticated privilege escalation vulnerability has been discovered in the Modular DS plugin, affecting 40,000+ WordPress sites. The flaw allows attackers to bypass authentication and trigger an automatic admin login, resulting in full wp-admin access. Exploitation attempts were observed in the wild shortly after disclosure. ✅ Fixed in Modular DS v2.5.2 🛡️ Patchstack users are protected via a mitigation rule 🔍 Indicators of attack and real exploitation patterns are already known This is a strong reminder that internal routes and “trusted” request paths must never be exposed without strict validation. Full technical breakdown and mitigation details 👇 https://lnkd.in/eaMFSkQE
-
Ever wondered how RapidMitigate is engineered under the hood? RapidMitigate creates a live profile of each website: WordPress core, plugins, themes, and exact versions. When Patchstack detects a vulnerability in software running on that site, the relevant mitigation rule is automatically deployed. When the site updates to a fixed version, the rule is removed just as automatically. Patchstack maintains 13,000+ mitigation rules, but only the ones that are actually needed are ever active on a site. In this short video, our CEO & co-founder, Oliver Sild, explains how it works.
-
Context matters. It’s how RapidMitigate scales to more than 13,000 highly specific mitigation rules without performance impact. Patchstack activates rules only when a vulnerability is present and exploitable on a specific website. Each rule is built for a single vulnerability – eliminating false positives and unnecessary processing. Traditional approaches lack this application-level context. They must apply all 13,000+ rules to every request on every site, creating massive overhead and constant false positives. RapidMitigate’s dynamic, per-vulnerability deployment removes these limitations entirely. In this short video, our CEO & co-founder, Oliver Sild, explains how contextual evaluation works in practice.
-
In 2026, we have a lot to share with our customers! So.. we've decided to kick off with a weekly Patchstack update - where each Friday we'll share what's new and what we've shipped. First week has already been 🍌 New in product: 🔑 New API key management for partners 📃 "Managed by" mode for agencies and partners ⚖️ Default policy manager for Patchstack settings 🧩 New WordPress plugin with minor fixes 🤓 Loads of product documentation updates Misc: 🪙 Patchstack bug bounty now does Crypto payouts! 💰 New bug bounty rules for 2026 🤝 New partners - Libyan Spider & Seahawk
-
Read how LibyanSpider 🕷️ caught 65k+ vulnerabilities in their web within months of turning on Patchstack 🕸️ When LS expanded their hosting offer to cover WordPress, they suddenly faced a surge of vulnerability related issues. To counter the issue and maintain customer trust and compliance, they turned to Patchstack. Shortly after implementation they: 🛡️ Blocked 65k+ threats across 400 protected sites 📉 Dramatically reduced WordPress vuln related tickets 🔒 Improved stability across shared hosting environments Read more here! https://lnkd.in/d7z2YUS6
-
Not all vulnerabilities are equal – and we treat them that way. Every new vulnerability entering Patchstack is immediately scored by severity and real-world "exploitability": 🔴 High – mass-exploited, high-impact, actively abused at scale 🟡 Medium – used in more targeted attacks, such as against e-commerce sites 🟢 Low – requires privileged access or is otherwise unattractive to attackers For every high- or medium-priority vulnerability, we do not publish it until a mitigation rule has been created and tested. Rule creation for RapidMitigate is fully integrated into our threat intelligence process – ensuring protection is ready the moment a vulnerability becomes public. Our CEO & co-founder, Oliver Sild, explains the workflow here.
-
Security rules should be precise, not generic. Patchstack RapidMitigate deploys a mitigation rule only when the vulnerability exists and is exploitable on a specific website, enabling targeted protection without performance impact or false positives. Our CEO & co-founder, Oliver Sild, explains the key difference here.
-
🚨 Critical Vulnerability in Motors Theme (20K+ Sites Affected) If you’re using the Motors WordPress theme, versions 5.6.81 and below are vulnerable to an arbitrary file upload flaw that could let a Subscriber-level user install and activate plugins, potentially leading to a full site takeover. 👉 Update to version 5.6.82 now. 🔗 Read the full details here: https://lnkd.in/e9yV5GP7