JavaScript is disabled in your browser. Please enable JavaScript for a better experience.
Pricing
Solutions
WordPress security
For care plans
API for developers
API for hosts
For plugin developers
For researchers
Vulnerability database
Community
Login
Start FREE
🎉 NEW: Reduce alert fatigue with the new Patch Priority scoring system
Latest
WordPress How-To's
Security Advice
Security Advisories
Patchstack News
Patchstack How-To's
Rafie Muhammad
Security Researcher at Patchstack
29 November, 2023
Thrive Theme Vulnerability: Dismiss Tooltip to Privilege Escalation
thrive
theme
privilege escalation
15 November, 2023
Authenticated Stored XSS in WooCommerce and Jetpack Plugin
xss
woocommerce
jetpack
8 November, 2023
Arbitrary Attachment Render to XSS in Elementor Plugin
Elementor
xss
13 October, 2023
WordPress Core 6.3.2 Security Update – Technical Advisory
WordPress core
security release
12 October, 2023
Pre-Auth Arbitrary File Upload in User Submitted Posts Plugin
Critical Vulnerability
arbitrary file upload
unauthenticated
27 September, 2023
Two Paths to Privilege Escalation Vulnerability In The Simple Membership Plugin
simple membership
privilege escalation
15 September, 2023
Authenticated Privilege Escalation Vulnerability in Essential Addons for Elementor
Essential Addons for Elementor
privilege escalation
6 September, 2023
Unauthenticated PHP Object Injection in Flatsome Theme <= 3.17.5
php object injection
flatsome
31 August, 2023
Critical Arbitrary File Upload Patched in Forminator Plugin
Critical Vulnerability
arbitrary file upload
forminator
30 August, 2023
Pre-Auth Access Token Manipulation in All-in-One WP Migration Extensions
access token
all-in-one wp migration
24 August, 2023
Critical Vulnerabilities Patched in Jupiter X Core Plugin
Jupiter X
Critical Vulnerability
arbitrary file upload
account takeover
10 August, 2023
Multiple High and Critical Vulnerabilities in Avada Theme and Plugin
avada
xss
rce
ssrf
sqli
3 August, 2023
Authenticated RCE in JetElements For Elementor Plugin
Critical Vulnerability
Elementor
rce
jetelements
27 July, 2023
Multiple High Severity Vulnerabilities in Ninja Forms Plugin
ninja forms
xss
broken access control
18 July, 2023
Site-Wide Reflected XSS in Freemius WordPress SDK Affecting Millions of Sites
freemius
supply chain attack
xss
14 July, 2023
Critical Privilege Escalation in HT Mega Plugin Affecting 100k+ Sites
Critical Vulnerability
privilege escalation
13 June, 2023
Unauthenticated IDOR to PII Disclosure in WooCommerce Stripe Gateway Plugin
Security Advisory
30 May, 2023
Unauthenticated PHP Object Injection in Gravity Forms Plugin
Security Advisory
19 May, 2023
CSRF to wp-admin Site Wide XSS in UpdraftPlus Plugin
Security Advisory
17 May, 2023
WordPress Core 6.2.1 Security Update – Technical Advisory
Security Advisory
11 May, 2023
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
Security Advisory
5 May, 2023
Reflected XSS in Advanced Custom Fields Plugins Affecting 2+ Million Sites
Security Advisory
18 April, 2023
Critical Unauthenticated SQL Injection in Quiz And Survey Master
Security Advisory
24 March, 2023
User Registration Plugin Vulnerability
Security Advisory
1 March, 2023
Security Vulnerability In OceanWP Theme
Security Advisory
21 February, 2023
Multiple Vulnerabilities In Shortcodes Ultimate Plugin Versions
Security Advisory
14 February, 2023
Vulnerability In Rank Math SEO Plugin
Security Advisory
2 February, 2023
Multiple Vulnerabilities Fixed In WP Statistics Plugin Version
Security Advisory
24 January, 2023
Multiple Critical Vulnerabilities Fixed In LearnPress Plugin Version
Security Advisory
Load more
All solutions
WordPress security
Plugin auditing
Vulnerability database
API for developers
Bug bounty program
Active security programs
NEW
WordPress security
For care plans
For hosts
For plugin developers
NEW
Pricing & features
Documentation
Patchstack
About us
Careers
Media kit
Articles & insight
Whitepaper 2022
Social
LinkedIn
Facebook
Join community
Twitter
Join Discord
DPA
Privacy Policy
Terms & Conditions
© 2023
Patchstack
WordPress security
Pricing & features
For care plans
For hosts
For plugin developers
NEW
Documentation
All solutions
WordPress security
Plugin auditing
Vulnerability database
API for developers
Bug bounty program
Active security programs
NEW
Patchstack
About us
Careers
Media kit
Articles & insight
Whitepaper 2022
Social
LinkedIn
Facebook
Join community
Twitter
Join Discord
© 2023 Patchstack
This website uses cookies.
Learn more.
Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
Reload page
close
chevron-right
chevron-down
twitter-square
facebook-square
linkedin-square
bars
cross
menu
