If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. Vulnerability Information On April 10, 2025, a critical vulnerability in the WordPress plugin SureTriggers (version 1.0.78 and below) was identified and published. This flaw, allows unauthenticated attackers to create [...]
WP Ghost Local File Inclusion to RCE This blog post is about the WP Ghost plugin vulnerability. If you’re a WP Ghost user, please update the plugin to at least version 5.4.02. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is [...]
Chaty Pro Unauthenticated Arbitrary File Upload This blog post discusses about the findings on the Chaty Pro plugin. This vulnerability is fixed on version 3.3.4 and the vulnerable function didn’t exist on free version (Chaty) of the plugin. If you are a Patchstack customer, you are protected from this vulnerability [...]
Essential Addons for Elementor Reflected Cross Site Scripting This blog post is about the Essential Addons for Elementor plugin vulnerability. If you’re an Essential Addons for Elementor user, please update the plugin to at least version 6.0.15. If you are a Patchstack customer, you are protected from this vulnerability already, [...]
K Elements Privilege Escalation This blog post is about the K Elements plugin vulnerability. If you’re a KLEO theme user who is using the K Elements plugin, please update the plugin to at least version 5.4.0. If you are a Patchstack customer, you are protected from this vulnerability already, and [...]
Admin and Site Enhancements (ASE) Privilege Escalation Admin and Site Enhancements (ASE) Pro Privilege Escalation This blog post is about the Admin and Site Enhancements (ASE) free and pro plugin vulnerability. If you’re an Admin and Site Enhancements (ASE) user, please update the plugin to at least version 7.6.3. If [...]
Better Find and Replace Privilege Escalation Vulnerability This blog post is about the Better Find and Replace plugin vulnerability. If you’re a Better Find and Replace user, please update the plugin to at least version 1.6.8. If you are a Patchstack customer, you are protected from this vulnerability already, and [...]
Easy Real Estate Plugin Unauthenticated Privilege Escalation This blog post discusses about the findings on the RealHome theme and the plugin that is installed with it Easy Real Estate. Currently there are no known updates to fix this issue so if you are a user of the theme and plugin [...]
GiveWP Unauthenticated PHP Object Injection The vulnerability in the GiveWP plugin was originally reported by Patchstack Alliance community member Edisc from Zalopay Security to the Patchstack Zero Day bug bounty program for WordPress. Patchstack Zero Day program has awarded the researcher a bounty of $2,600 USD. If you wish to [...]
Fancy Product Designer Unauthenticated Arbitrary File Upload Fancy Product Designer Unauthenticated SQL Injection This blog post is about Fancy Product Designer plugin vulnerabilities. If you’re a Fancy Product Designer user, please delete or deactivate the plugin until the patch is released by the vendor. If you are a Patchstack customer, [...]
WPLMS Unauthenticated Arbitrary File Upload WPLMS Subscriber+ Arbitrary File Upload WPLMS Sutedent+ Arbitrary File Upload WPLMS Unauthenticated Privilege Escalation WPLMS Subscriber+ Privilege Escalation WPLMS Unauthenticated SQL Injection WPLMS Subscriber+ SQL Injection VibeBP Unauthenticated Privilege Escalation VibeBP Unauthenticated SQL Injection VibeBP Subscriber+ SQL Injection This blog post is about the WPLMS [...]
Woffice Theme Unauthenticated Privilege Escalation Woffice Theme Unauthenticated Broken Authentication This blog post is about the Woffice theme vulnerabilities. If you’re a Woffice user, please update the theme to at least version 5.4.15. Patchstack customers are protected from this vulnerability, and no immediate action is needed from you. For plugin [...]
