Patchstack

Full report here! patchstack.com/whitepaper/sta…

Our "State of WordPress Security 2026" report is now live! 💥 This year we took a step back to look at the impact of vulnerabilities rather than the overall numbers. We also teamed up with Monarx to explore how malware campaigns and techniques evolved during 2025. **Key learnings:** ⚠️ More high severity vulnerabilities were found in 2025 than in the two previous years *combined* ⚡ Median time from discovery to mass exploitation for severe vulnerabilities is just 5 hours ❌ 46% of vulnerabilities were not fixed by developer by the time of public disclosure 💸 76% of vulnerabilities found in premium components were exploitable 🥷 Increased usage of uploader scripts suggests attackers are adopting more complex strategies Read the whitepaper for the full insights ( 🔗 link in comments!)

Si te dedicas al mantenimiento de webs de WordPress, sabes que la seguridad no es opcional. Es una parte esencial del servicio que ofreces a tus clientes. Por eso, este webinar con @patchstackapp está pensado para ti 💜 📅 16 de diciembre a las 17:00 CET 🎟️ Online y gratuito

Friday Feature Focus: Site Protect. Powered by @patchstackapp, it runs at the PHP level with zero impact on performance Virtual patches applied automatically Malicious IPs blocked User enumeration disabled XML-RPC restricted to authenticated users One toggle. €2/site/month

@no_fear_inc @OliverSild @FrancescaMarano No idea what’s written there, but thanks! 🤩

Patchstack callout at WordCamp Sofia #wcsof @patchstackapp @OliverSild @FrancescaMarano

Wanna feel safe? Put your @patchstackapp socks on!

😱 When your security tool has a vulnerability of its own... A critical RCE vulnerability was discovered in a major security tool used on 56 million+ websites and almost no one was talking about it. So the @patchstackapp research team did.

We are thrilled by reports back from Scott & @courtneyr_dev .... 22 devs, 1 day, a working security-labeling layer connecting @fair_pm, @patchstackapp & #WordPress packages. Proud to support this step toward decentralized, DID-powered plugin security. Many thanks @CaroleOlinger

87.8% of vulnerability exploits still bypass hosting defenses, and too many agencies assume hosts keep them safe but the data says otherwise. So we’ve dropped Site-Protect (virtual patching) from €3 → €2. Real protection should be accessible to everyone. Thanks @patchstackapp

What an epic day... Just doing a roundup now of the hackathon for the Fair.pm x @patchstackapp security labeller! Well done everyone

“AI is like a double-edged sword,” says Oliver Sild, a former hacker turned founder. “It can level the playing field between the defenders and the attackers but only if they move at the same pace, which they rarely do.” This tension is exactly what led him to build @patchstackapp. Patchstack was built to protect the open-source ecosystem, using @Google’s Gemini 2.5 Pro to detect and block vulnerabilities before attackers can exploit them. Today, Patchstack safeguards millions of websites and powers the world’s largest network of ethical hackers. (Source: goo.gle/47uk7hA)

Our new hosting integration is live 🎉 Plug-and-play protection, no infra work needed. Simply deploy Patchstack at scale to your users 🔌 Read more 🔗 patchstack.com/articles/new-p…

Those sneaky @patchstackapp-ers have done it again with their LinkedIn header. If you're at @MSPglobalevent this week, come say hi at their booth where I'll be fighting them irl about this 😡

If you’re at @MSPglobalevent and looking to protect your customers websites against vulnerabilities that traditional WAFs fail to mitigate - meet us tomorrow by finding the booth that’s not blue and let’s have a chat! 🫡 #mspglobal

🎃 Where are the CVEs?? 🎃 The CVE firehose from #1 CNA @patchstackapp has been off since Sept 26th. 19 days of silence—way past their summer break. Is the whole team wrestling the SQL Injection monster?

Como siempre, muchos regalitos chulos de los patrocinadores, pero eso no es lo mejor de ellos. Si gente y sus servicios, sí. Gracias @patchstackapp y @weglot !! #WPAgencyForum

Is your WordPress site secure? @patchstackapp will keep you safe! And my feet.

Most of vulnerabilities tend to come from plugins and we take that seriously. And thanks to @patchstackapp who monitors these issues to promptly report to plugin authors - it all gets addressed as the top priority from our side #WordCampGdynia #WCGdynia

@WordCampLondon @rmccue @magicroundabout And now our very own patchy @iamrashminagpal talking about multi-agentic workflows we use at @patchstackapp

What makes @patchstackapp so effective against #WordPress vulnerabilities? Recently, we were recognized as the earliest reporter of known exploited vulnerabilities (KEVs) - meaning we see the attacks against new vulnerabilities before anyone else.