PCS Creative Services LLC

10/14/2025

This is a medium level threat requiring someone to already have contributor level access to your site, but it does effect a very popular plugin used on millions of sites, Slider Revolution. Make sure you are running a good security plugin and update today.

On August 11th, 2025, we received a submission for an Arbitrary File Read vulnerability in Slider Revolution, a WordPress plugin that’s estimated to have more than 4,000,000 active installations. This vulnerability makes it possible for an authenticated attacker, with contributor-level permissions...

05/30/2025

Quick tip for making sure you get forms from your website to your inbox, never report your own form notification emails as spam. Even if the contents of the form are from some cleaning company that just happens to be in your neighborhood... Your form notifications are always legitimate emails regardless of how others use them to send you offers. If you report them as spam, you might get your own domain flagged. Most form plugins have a way to report spam submissions internally and that is the better way.

Send a message to learn more

05/13/2025

I advocate a website first strategy for your content. Combined with a good email marketing platform and campaigns, it puts you in control of your content and sharing it with an audience that is more likely to convert. All the traffic in the world doesn't matter if no one takes action. Set up a short consultation call with me today to discuss email list building and website content sharing.

Discovery-Call

12/11/2024

If you use WPForms (and many sites do!), make sure you update to the latest patched version ASAP. Here is more info about this security issue from WordFence.

On October 23th, 2024, we received a submission for a Missing Authorization to Payment Refund and Subscription Cancellation vulnerability in WPForms, a WordPress plugin with more than 6,000,000 active installations. This vulnerability makes it possible for an authenticated attacker, with subscriber-...

11/14/2024

This is a big one and you probably got an email from RSS directly if you are using their plugin.

On November 6th, 2024, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for an Authentication Bypass vulnerability in the Really Simple Security plugin, and in the Really Simple Security Pro and Pro Multisite plugins, which are actively installed on more...

10/14/2024

Posting advice here to that I posted earlier on my own profile regarding WordPress:
I've been watching problems unfold almost daily in the WordPress community lately, each weekend there seems to be some new "unprecedented" action taken by the CEO of Automattic. For those like me who have invested years and money into this website platform, this is more than just tech giants infighting, it is stress, time and worry about the future of our websites and livelihood.
WordPress has a very large community of contributors who ensure that new features are added and security is tested and fixed. While it wouldn't be ideal, I will say that if the worst happened and the WordPress foundation just stopped providing updates, sites built with WordPress and plugins provided by WordPress wouldn't just stop working. They might not get more updates, web hosting companies would be exposed to more risks, but how your site is now would continue to function.
If Automattic ended up in enough legal trouble to shut down, the risks get higher because they own Woocommerce which is a major ecommerce platform, but that is not even on the radar yet and the legal battle that is going on will take a long time to get sorted out. The CEO of Automattic, who also claims to fully own the non profit foundation, is making some very questionable decisions and burning bridges, but for now the community is solidly behind the open source version of WordPress continuing.
Risk mitigation means that everyone should be running good security plugins already, but now is definitely the time to make sure you have good site security that proactively blocks known issues. I use the paid version of WordFence because it lets me block entire countries from accessing my site. I do not need or want international traffic. New security issues are found within WordPress and its plugins on a regular basis, but those vulnerabilities revolve around some known loopholes that WordFence blocks up front. As plugins may start to decentralize, it is important to be able to secure your website, scan it regularly, and keep regular site backups.

Send a message to learn more

08/26/2024

This is a big one! The WordPress Multilingual plugin is used on many sites to provide language translation options. If this is your site, update the plugin right away.

On June 19th, 2024, we received a submission for a Remote Code Ex*****on via Twig Server-Side Template Injection vulnerability in WPML, a WordPress plugin with more than 1,000,000 active installations. This vulnerability can be leveraged to execute code remotely by authenticated users with access to...

05/06/2024

So many people use Yoast SEO that the latest update notice by WordFence is worth mentioning. If you are using a good security plugin you should be protected from cross-site scripting issues already, but if you aren't (you should add one!), then make sure you get Yoast SEO updated ASAP.

12/04/2023

While I'm not using this plugin on sites I have built or maintain, it is still suggested as an update ASAP by WordFence, so I'm sharing here. If you are using the MW WP Form plugin, which is actively installed on more than 200,000 WordPress websites, you should get it updated right away. It is one that allows malicious code to be run. Here are more details on the WordFence blog.

🎁 Wordfence just launched its bug bounty program. Through December 20th 2023, all researchers will earn 6.25x our normal bounty rates when Wordfence handles responsible disclosure for our Holiday Bug Extravaganza! Register as a researcher and submit your vulnerabilities today!🎁 On November 24,...

10/23/2023

This is a really popular caching plugin, so I thought I'd pass along this post by WordFence. If you are using the LiteSpeed Cache plugin, make sure it is up to date.

On August 14, 2023, our Wordfence Threat Intelligence team identified and began the responsible disclosure process for a stored Cross-Site Scripting (XSS) vulnerability in LiteSpeed Cache plugin, which is actively installed on more than 4,000,000 WordPress websites, making it the most popular cache....