This website uses cookies

Our website, platform and/or any sub domains use cookies to understand how you use our services, and to improve both your experience and our marketing relevance.

🔊 Web Growth Summit is here! Learn from industry experts on July 17-18, 2024. REGISTER NOW→

Meet Our New WordPress Vulnerability Scanner – Powered by Patchstack

Updated on October 23, 2023

4 Min Read
WordPress Vulnerability Scanner

In March 2023, a critical security flaw (CVE-2023-32243) was discovered in Elementor Pro, allowing hackers to control WordPress sites with WooCommerce enabled.

The vulnerability allowed malicious users to turn on the registration page, set the default user role to administrator according to Patchstack, and potentially redirect the site to another malicious domain or install plugins or backdoors.

While this flaw only impacted versions 3.11.6 and earlier, it was addressed by Elementor in version 3.11.7, released on March 22. Despite the fix, active exploitation attempts were detected by Patchstack, and any WordPress sites that were not promptly updated remained vulnerable.

The State of WordPress Security

With over 5 million WordPress sites using Elementor Pro, even a small fraction of users unaware of this vulnerability or failing to update to the latest version could risk hundreds or even thousands of sites. This incident stands as a stark reminder of the importance of keeping up to date on vulnerabilities & updates for those of us in the WordPress community.

Now, some of you might be thinking, such vulnerabilities can’t be commonplace, can they?

The truth is far from that.

In the larger context, the number of new vulnerabilities in WordPress tripled in 2022, reaching over 4,500, as reported by Patchstack’s 2022 WordPress security report. With the vast majority of them being in plugins (93%), followed by themes (6.7%).

Many popular plugins used by millions – like Elementor, UpdraftPlus, WooCommerce, Yoast SEO, and Contact Form by WPForms – were identified with flaws that could be exploited by hackers & other malicious actors.

Thus driving home the increasing importance of not only having robust security systems in place but also keeping up to date on all the latest security bugs detected.

Introducing the Cloudways Vulnerability Scanner – Powered by Patchstack

At Cloudways, we understand the importance of proactively addressing vulnerabilities for our customers. That’s why we’re thrilled to announce the Cloudways Vulnerability Scanner to enhance your Cloudways experience.

How It Works

Powered by Patchstack, the Vulnerability Scanner identifies the core, plugin & theme versions installed on your WordPress websites. It then periodically taps into Patchstack’s vulnerability database to check for security issues within your WordPress Core, theme, and plugins.

If a vulnerability is detected, you can find details in the Vulnerability Scanner option for your app, listing the specific WordPress core, theme, & plugin versions. Vulnerable versions are marked with “Issue detected,” along with the recommended actions under the recommendations section.

If the vulnerability has been patched in a newer version, the scanner will recommend updating the plugin. However, if no patch is available, removal of the plugin is recommended as the best course of action. Our partnership with Patchstack ensures that you receive early notifications about each security bug 48 hours before it is released to the public domain, allowing you to act promptly.

You will also receive notification emails via Cloudways Bot in case any vulnerabilities are detected for any of your WordPress apps. You can even set up Slack channel notifications through the Cloudways Bot.

In case of a new theme or plugin addition to your WordPress, you can check for reported security bugs on-demand by using the “Refresh” button at the top right of the Vulnerability Scanner menu.

With Cloudways taking daily backups, you can easily restore previous versions of your websites in case any vulnerability gets exploited.

Note: The Vulnerability Scanner checks WordPress for security bugs and vulnerabilities. It cannot scan for malware already on your site. Any core, plugin, or theme versions marked secure have no known vulnerabilities & hence are secure from new external threats wanting to exploit potential bugs.

Behind the Scenes at Patchstack

At this point, you might be wondering: What is Patchstack? And how does it manage to track thousands of WordPress plugin & theme versions so effectively?

What is Patchstack?

Well, here’s a short version.

Patchstack provides vulnerability scanning and security for WordPress sites. Founded by Oliver Sild, a former digital agency owner, Patchstack was born out of the need to monitor plugins and themes across different CMS websites.

What began as an internal tool to monitor client sites and flag vulnerable plugin versions evolved into Patchstack (formerly WebArx), now used by thousands of developers to lock down WordPress security.

As of 2023, Patchstack has become the #1 source of WordPress vulnerability data per volume, with popular plugins such as Elementor and WProcket designating Patchstack as their official security point of contact. They also offer a suite of WordPress security services, including vulnerability management, detection, and vulnerability mitigation through precise virtual patching rules.

How Does Patchstack Stay On Top of Vulnerabilities

Patchstack takes a leaf out of WordPress’s success. The power of the community!

Patchstack created the Patchstack Alliance, which is now a community of ethical hackers, security researchers, plugin vendors, theme developers, and hosting companies who collaborate to enhance the safety of the WordPress and open-source ecosystem.

Whenever Alliance members discover a vulnerability, they report it to Patchstack, receiving a bug bounty (sponsored by Patchstack) and public recognition. Patchstack then manually verifies each reported vulnerability. Once verified, they share all important details with the plugin or theme developer, enabling them to create a patch. Thanks to this effort, Patchstack remains continuously updated with the latest WordPress vulnerabilities, ensuring your website’s safety.

What’s Next

Up next, we’ll soon be releasing another exciting upgrade that’s set to further bolster WordPress site security here at Cloudways. So stay tuned, and do let us know of any feedback & requests at feedback.cloudways.com

Share your opinion in the comment section. COMMENT NOW

Share This Article

Muneeb Ajmal

I'm a Product Marketer with a strong passion for discovering cutting-edge tech solutions that address our everyday challenges. Delving into the world of innovative technology never ceases to amaze me. When I'm not immersed in the realm of tech, you can catch me scrolling through Instagram, admiring the vibrant beauty of various bird species, or escaping into the captivating world of fiction.

×

Get Our Newsletter
Be the first to get the latest updates and tutorials.

Thankyou for Subscribing Us!

×

Webinar: How to Get 100% Scores on Core Web Vitals

Join Joe Williams & Aleksandar Savkovic on 29th of March, 2021.

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Do you like what you read?

Get the Latest Updates

Share Your Feedback

Please insert Content

Thank you for your feedback!

Want to Experience the Cloudways Platform in Its Full Glory?

Take a FREE guided tour of Cloudways and see for yourself how easily you can manage your server & apps on the leading cloud-hosting platform.

Start my tour

CYBER WEEK SAVINGS

  • 0

    Days

  • 0

    Hours

  • 0

    Mints

  • 0

    Sec

GET OFFER

For 4 Months &
40 Free Migrations

For 4 Months &
40 Free Migrations

Upgrade Now