Skip to main content
JavaScript is disabled in your browser. Please enable JavaScript for a better experience.
Pricing
Solutions
WordPress security
For care plans
API for developers
API for hosts
For plugin developers
For researchers
Vulnerability database
Community
Login
Start FREE
🎉 NEW: Reduce alert fatigue with the new Patch Priority scoring system
Latest
WordPress How-To's
Security Advice
Security Advisories
Patchstack News
Patchstack How-To's
Security Advisories
Author's position will be here
Security Advisories
Latest
WordPress How-To's
Security Advice
Security Advisories
Patchstack News
Patchstack How-To's
Search for:
8 December, 2023
Critical Vulnerability in Elementor Affecting 5+ Million Websites
Critical Vulnerability
Elementor
arbitrary file upload
6 December, 2023
WordPress 6.4.2 Security Release
wordpress
3 December, 2023
Fake CVE Phishing Campaign Tricks WordPress Users Into Installing Malware
CVE-2023-45124
CVE
29 November, 2023
Thrive Theme Vulnerability: Dismiss Tooltip to Privilege Escalation
thrive
theme
privilege escalation
15 November, 2023
Authenticated Stored XSS in WooCommerce and Jetpack Plugin
xss
woocommerce
jetpack
8 November, 2023
Arbitrary Attachment Render to XSS in Elementor Plugin
Elementor
xss
13 October, 2023
WordPress Core 6.3.2 Security Update – Technical Advisory
security release
WordPress core
12 October, 2023
Pre-Auth Arbitrary File Upload in User Submitted Posts Plugin
Critical Vulnerability
unauthenticated
arbitrary file upload
27 September, 2023
Two Paths to Privilege Escalation Vulnerability In The Simple Membership Plugin
simple membership
privilege escalation
15 September, 2023
Authenticated Privilege Escalation Vulnerability in Essential Addons for Elementor
Essential Addons for Elementor
privilege escalation
6 September, 2023
Unauthenticated PHP Object Injection in Flatsome Theme <= 3.17.5
php object injection
flatsome
31 August, 2023
Critical Arbitrary File Upload Patched in Forminator Plugin
forminator
arbitrary file upload
Critical Vulnerability
30 August, 2023
Pre-Auth Access Token Manipulation in All-in-One WP Migration Extensions
access token
all-in-one wp migration
24 August, 2023
Critical Vulnerabilities Patched in Jupiter X Core Plugin
Jupiter X
arbitrary file upload
Critical Vulnerability
account takeover
10 August, 2023
Multiple High and Critical Vulnerabilities in Avada Theme and Plugin
avada
xss
ssrf
sqli
rce
3 August, 2023
Authenticated RCE in JetElements For Elementor Plugin
rce
jetelements
Elementor
Critical Vulnerability
27 July, 2023
Multiple High Severity Vulnerabilities in Ninja Forms Plugin
xss
broken access control
ninja forms
18 July, 2023
Site-Wide Reflected XSS in Freemius WordPress SDK Affecting Millions of Sites
xss
freemius
supply chain attack
14 July, 2023
Critical Privilege Escalation in HT Mega Plugin Affecting 100k+ Sites
privilege escalation
Critical Vulnerability
13 June, 2023
Unauthenticated IDOR to PII Disclosure in WooCommerce Stripe Gateway Plugin
Security Advisory
30 May, 2023
Unauthenticated PHP Object Injection in Gravity Forms Plugin
Security Advisory
19 May, 2023
CSRF to wp-admin Site Wide XSS in UpdraftPlus Plugin
Security Advisory
17 May, 2023
WordPress Core 6.2.1 Security Update – Technical Advisory
Security Advisory
11 May, 2023
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
Security Advisory
5 May, 2023
Reflected XSS in Advanced Custom Fields Plugins Affecting 2+ Million Sites
Security Advisory
2 May, 2023
Critical Easy Digital Downloads Vulnerability
Security Advisory
18 April, 2023
Critical Unauthenticated SQL Injection in Quiz And Survey Master
Security Advisory
30 March, 2023
Critical Elementor Pro Vulnerability Exploited
Security Advisory
24 March, 2023
User Registration Plugin Vulnerability
Security Advisory
23 March, 2023
Critical Vulnerability in WooCommerce Payments
WooCommerce Payments
1 March, 2023
Security Vulnerability In OceanWP Theme
Security Advisory
27 February, 2023
Vulnerability In Houzez Theme Exploited in The Wild
21 February, 2023
Multiple Vulnerabilities In Shortcodes Ultimate Plugin Versions
Security Advisory
14 February, 2023
Vulnerability In Rank Math SEO Plugin
Security Advisory
2 February, 2023
Multiple Vulnerabilities Fixed In WP Statistics Plugin Version
Security Advisory
1 February, 2023
Solving Unpredictable WP-Cron Problems, Addressing CVE-2023-22622
Security Advisory
24 January, 2023
Multiple Critical Vulnerabilities Fixed In LearnPress Plugin Version
Security Advisory
17 January, 2023
Multiple MainWP Vulnerabilities Affecting Its Extensions
17 October, 2022
WordPress 6.0.3 Security Release Summary
WordPress Security Vulnerabilities
12 August, 2022
A “New” Bug – PHP Object Injection via Insecure Instantiation
WordPress Security Vulnerabilities
17 June, 2022
Ninja Forms Plugin Object Injection Security Bug Gets Patched
ninja forms
13 April, 2022
Critical Vulnerability Fixed In Elementor Plugin Version 3.6.3
Elementor
8 February, 2022
Critical Vulnerability Fixed In Responsive Menu Plugin
Responsive Menu
27 January, 2022
Critical Vulnerability Fixed In Essential Addons for Elementor Plugin
Essential Addons for Elementor
11 January, 2022
Authenticated Vulnerability in Unpatched WordPress Themes
unpatched WordPress themes
7 January, 2022
Technical Advisory: WordPress Core 5.8.3 Security Update
WordPress core
13 December, 2021
Extremely Critical Vulnerability In The Apache Log4j Logging Library
Apache Log4j
2 December, 2021
An In-Depth Analysis Of The WP-VCD Malware
WP-VCD Malware
24 November, 2021
Multiple Security Vulnerabilities Fixed In Hide My WP by wpWave
Vulnerability in Hide My WP
10 November, 2021
Critical Security Vulnerability Fixed In WP Reset PRO
Vulnerability in WP Reset PRO
17 September, 2021
3 WordPress Security Issues Fixed In Version 5.8.1
WordPress security issues
13 September, 2021
Analyzing The Photo Gallery by 10Web SQL Injection Vulnerability
Photo Gallery by 10Web
13 September, 2021
Multiple Vulnerabilities In MailerLite Sign Up Forms
MailerLite Sign Up Forms
15 July, 2021
Critical WooCommerce SQL Injection Vulnerability Details
WooCommerce SQL Injection
29 April, 2021
Social Warfare XSS and RCE Vulnerabilities and Attack Data
Security Advisory
25 February, 2021
Critical Vulnerability in Easy WP SMTP WordPress Plugin
Vulnerability in Easy WP SMTP
25 February, 2021
Multiple Vulnerabilities In WordPress Plugin Popup Builder
Popup Builder Vulnerabilities
25 February, 2021
Bitcoin Ransom Scam Targeting Website Owners
Bitcoin Ransom Scam
20 August, 2020
Multiple Vulnerabilities In Discount Rules for WooCommerce Plugin
Discount Rules for WooCommerce
8 May, 2020
Elementor PRO Vulnerability And Attack Analysis
Elementor pro vulnerability
16 February, 2020
Critical Issue In ThemeGrill Demo Importer
Themegrill demo importer
14 January, 2020
Critical Vulnerability In InfiniteWP Client And WP Time Capsule
Critical Vulnerability
Load more
Subscribe
WordPress security
Pricing & features
For care plans
For hosts
For plugin developers
NEW
Documentation
All solutions
WordPress security
Plugin auditing
Vulnerability database
API for developers
Bug bounty program
Active security programs
NEW
Patchstack
About us
Careers
Media kit
Articles & insight
Whitepaper 2022
Social
LinkedIn
Facebook
Join community
Twitter
Join Discord
© 2023 Patchstack
This website uses cookies.
Learn more.
Looks like your browser is blocking our support chat widget. Turn off adblockers and reload the page.
Reload page
close
chevron-right
chevron-down
twitter-square
facebook-square
linkedin-square
bars
cross
menu
