Unpatched Account Takeover Vulnerability in PayU CommercePro Plugin
The TI WooCommerce Wishlist plugin, with over 100,000 active installs, is affected by an unauthenticated file upload vulnerability (CVE-2025-47577).
The vulnerability in the Eventin plugin was originally reported by Patchstack Alliance community member Denver Jackson to the Patchstack Zero Day bug bounty program for WordPress. The Patchstack Zero Day program has awarded the researcher $600 USD in cash. If you wish to participate in the program, you can join the community here. This blog […]
Update: We have observed attackers begin attempting to exploit this vulnerability 1 hour and 31 minutes after disclosure. See Exploitation in the Wild for more information. The vulnerability in the OttoKit plugin was originally reported by Patchstack Alliance community member Denver Jackson to the Patchstack Zero Day bug bounty program for WordPress. The Patchstack […]
The Patchstack team has been monitoring a large-scale phishing campaign using a sophisticated email and web-based phishing template to warn users of a supposed security vulnerability in their WooCommerce installation. This attack bears a very striking similarity to a phishing campaign we reported on previously, this time targeting WooCommerce users specifically, instead of WordPress users […]
This blog post is about the RomethemeKit For Elementor plugin vulnerability. If you’re a RomethemeKit For Elementor user, please update the plugin to at least version 1.5.5. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security audit […]
If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. Vulnerability Information On April 10, 2025, a critical vulnerability in the WordPress plugin SureTriggers (version 1.0.78 and below) was identified and published. This flaw allows unauthenticated attackers to create administrative user accounts on vulnerable […]
This blog post is about the WP Ghost plugin vulnerability. If you’re a WP Ghost user, please update the plugin to at least version 5.4.02. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have security audit services and […]
This blog post discusses the findings on the Chaty Pro plugin. This vulnerability is fixed in version 3.3.4, and the vulnerable function didn’t exist in the free version (Chaty) of the plugin. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin […]
This blog post is about the Essential Addons for Elementor plugin vulnerability. If you’re an Essential Addons for Elementor user, please update the plugin to at least version 6.0.15. If you are a Patchstack customer, you are protected from this vulnerability already, and no further action is required from you. For plugin developers, we have […]