Let's defend WordPress, together.

Crowdsourced Patches for Crowdsourced Vulnerabilities.

A Call for a Safer WordPress: Vulnerability Protection for All

In the evolving world of WordPress, the battle against security vulnerabilities is constant. For millions of WordPress users, these vulnerabilities can lead to compromised websites, data breaches, and loss of user trust. Plugin and theme developers race to patch issues, while security researchers identify and disclose weaknesses. However, the current vulnerability management process leaves many websites exposed and at risk.

The Problem with Current Vulnerability Disclosures

Security research companies discover vulnerabilities and notify plugin developers to patch them. After some time, they disclose the vulnerability to the public, allowing users to update their plugins. However, this system has flaws. Once vulnerabilities are publicly disclosed, hackers rush to exploit sites that haven’t yet applied the patch. Moreover, many security companies offer early protection only to premium users, leaving free plugin users vulnerable.

This process inadvertently puts many smaller websites at risk. The plugin developers themselves often cannot inform their own users about the nature of the vulnerability before the official disclosure, as this could be considered early disclosure, violating agreements with security companies. As a result, users may be unaware that their websites are vulnerable, and bad actors exploit the delay between disclosure and patching.

A Better Approach: Immediate Protection for All Users

To solve this, we offer a free plugin that ensures immediate protection for all WordPress users. Our solution pushes firewall rules and patches as soon as vulnerabilities are disclosed, ensuring websites are protected without waiting for an official patch. This protection is silent and automatic, ensuring that users don’t need to take any immediate action.

Our approach:

  • Immediate Patches Upon Disclosure: When vulnerabilities are disclosed, our plugin pushes patches or firewall rules that prevent exploitation.
  • Silent Protection: We operate in the background, allowing plugin developers to roll out patches at their own pace without compromising user security.
  • Collaboration with Plugin Developers: Plugin authors can collaborate with us to ensure their users are protected even before a fix is released or the vulnerability is publicly disclosed, without violating early disclosure agreements.
  • Free and Accessible: Security should not be a privilege. Our plugin is free and accessible and ensures that all WordPress users are protected from newly disclosed vulnerabilities.

Protecting Everyone, Not Just the Privileged Few

Security should not be reserved for those who can afford premium services. The spirit of WordPress is inclusivity, and this should extend to security as well. When vulnerabilities are disclosed, they pose a risk to every website, regardless of its owner’s resources. Every WordPress user should have access to immediate protection.

Security researchers play a vital role in identifying vulnerabilities, but the current system leaves too many users exposed. Our approach aims to create a safer WordPress ecosystem for all, by closing the gap between vulnerability disclosure and patching.

This isn’t about taking credit—it’s about prioritizing the safety of small business owners, bloggers, and entrepreneurs who rely on WordPress. By silently closing the vulnerability gap, we aim for a future where WordPress security is accessible to everyone.

Let’s build a safer WordPress ecosystem together—one that protects all users, not just the privileged few.

100% FREE FOR ALL

Vulnerabilities Crowdsourced from WordPress security researchers and the amazing public databases of –

  • Campress (Unauthenticated Local File Inclusion), 2 days ago: PROTECTED
  • Puzzles | WP Magazine / Review with Store WordPress Theme + RTL (Unauthenticated PHP Object Injection), 2 days ago: PROTECTED
  • Avada Builder (Arbitrary Shortcode Execution) < 3.11.14, 2 days ago: PROTECTED
  • Avada Theme (Unauthenticated Arbitrary Shortcode Execution) < 7.11.14, 2 days ago: PROTECTED
  • WP Job Board Pro (Unauthenticated Privilege Escalation), 3 days ago: PROTECTED
  • Real Estate 7 WordPress (Unauthenticated Privilege Escalation) < 3.5.2, 3 days ago: PROTECTED
  • Small Package Quotes Purolator Edition (SQL Injection), 3 days ago: PROTECTED
  • WP Foodbakery (Unauthenticated Arbitrary File Upload), 4 days ago: PROTECTED
  • Super Store Finder (SQL Injection to Stored Cross-Site Scripting) < 7.1, 6 days ago: PROTECTED
  • WP Directorybox Manager (Authentication Bypass), 6 days ago: PROTECTED
317 vulnerabilities addressed

FAQs

Currently, security research companies identify vulnerabilities in WordPress plugins or themes and notify the developers. The developers are given time to create a patch. During this time, premium users of the security companies are offered protection against the vulnerability. After the patch is made, the vulnerability is disclosed publicly. Unfortunately, once disclosed, hackers can target websites that haven’t yet applied the patch, leaving many users vulnerable.

While the current process allows developers time to patch vulnerabilities, it unintentionally leaves many users—especially those without premium protection—exposed once the vulnerability is disclosed. Hackers actively target disclosed vulnerabilities, creating a window in which users who haven’t yet updated their plugins are vulnerable to attacks. The system also prevents plugin developers from informing their own users of vulnerabilities before public disclosure, limiting early protection.

We offer a free plugin that immediately pushes patches or firewall rules to protect websites when vulnerabilities are disclosed. This ensures all users are protected, regardless of whether they have premium protection. Our plugin works silently, pushing protection as soon as a vulnerability is disclosed, even if a patch from the developer hasn’t been applied yet.

Once a vulnerability is disclosed, our plugin pushes a silent update that either applies a patch or implements firewall rules to prevent exploitation. This immediate protection means that users are safeguarded against attacks, even if they haven’t yet applied the official patch provided by the plugin developer.

No, our goal is to protect users, not to take credit for patching or disclosures. Security research companies deserve recognition for their work in identifying vulnerabilities, and we respect that. We focus on providing immediate protection to all WordPress users, without seeking credit or publicity for doing so.

Yes, plugin developers can contact us to push patches through our platform before public disclosure. This ensures that their users are protected without violating early disclosure agreements with security companies.

Yes, our plugin is completely free and accessible to all WordPress users. We believe that security should not be a luxury and aim to protect every WordPress site, regardless of financial resources.

The WordPress ecosystem is built on open-source principles: inclusivity and accessibility. Unfortunately, the current vulnerability disclosure process leaves many users—particularly those using free plugins—vulnerable to attacks. By offering free, immediate protection, we aim to ensure that all WordPress users, regardless of financial status, are safeguarded from potential threats.

Unlike other security companies that offer early protection only to their premium users, our solution is free and available to everyone. We push patches and firewall rules silently upon vulnerability disclosure, ensuring that all users are protected, not just those with paid services.

No, our plugin works alongside official patches from developers. It provides temporary protection through firewall rules or patches until the official update is applied, ensuring that users are not left vulnerable during the critical window between disclosure and patch adoption.