Patchstack – WordPress & Plugins Security Security & Risk Analysis

wordpress.org/plugins/patchstack

Patchstack automatically identifies and mitigates security vulnerabilities in WordPress plugins, themes, and core.

40K active installs · v2.3.5 · PHP 5.6+ · WP 4.4+ · Updated Jan 6, 2026
firewall, security, virtual-patching, vulnerabilities, vulnerability
100
A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Patchstack – WordPress & Plugins Security Safe to Use in 2026?

Generally Safe

Score 100/100

Patchstack – WordPress & Plugins Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 2mo ago
Risk Assessment

The "patchstack" plugin version 2.3.5 exhibits a concerning security posture primarily due to its unprotected entry points. With 3 out of 3 AJAX handlers lacking authentication checks, an attacker could potentially trigger arbitrary actions within the plugin without proper authorization. While the plugin demonstrates good practices in SQL query preparation (61%) and output escaping (74%), the presence of 12 flows with unsanitized paths in the taint analysis, two of which are of high severity, is a significant red flag. These unsanitized paths, particularly when combined with unprotected AJAX handlers, could lead to various injection vulnerabilities if not handled carefully. The plugin's history of zero known CVEs is positive, suggesting a diligent maintenance record or a lack of past exploitable flaws. However, the static analysis findings, especially the unprotected AJAX endpoints and high-severity taint flows, warrant immediate attention to mitigate potential risks. The strengths lie in its SQL and output handling, but the critical weakness in its attack surface and data sanitization needs to be addressed.

Key Concerns

  • AJAX handlers without auth checks
  • High severity unsanitized path flows
  • Unsanitized path flows
  • SQL queries without prepared statements
  • Output not properly escaped
Vulnerabilities
None known

Patchstack – WordPress & Plugins Security Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Patchstack – WordPress & Plugins Security Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 17 (27 prepared)
Unescaped Output: 29 (84 escaped)
Nonce Checks: 2
Capability Checks: 3
File Operations: 7
External Requests: 10
Bundled Libraries: 0

SQL Query Safety

61% prepared, 44 total queries

Output Escaping

74% escaped, 113 total outputs
Data Flows: 12 unsanitized

Data Flow Analysis

14 flows, 12 with unsanitized paths
get_captcha_response (includes\hardening.php:279)
Flow diagram legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized
Attack Surface: 3 unprotected

Patchstack – WordPress & Plugins Security Attack Surface

Entry Points: 3
Unprotected: 3

AJAX Handlers: 3

auth wp_ajax_patchstack_activate_license (includes\admin\ajax.php:23)
auth wp_ajax_patchstack_activate_auto (includes\admin\ajax.php:26)
auth wp_ajax_patchstack_activation_status (includes\admin\ajax.php:27)
WordPress Hooks: 100

action activated_plugin (includes\activation.php:30)
action updated_option (includes\activation.php:31)
action all_admin_notices (includes\activation.php:87)
action admin_notices (includes\admin\general.php:24)
action network_admin_notices (includes\admin\general.php:25)
action update_option_siteurl (includes\admin\general.php:26)
action update_option (includes\admin\general.php:27)
action admin_head (includes\admin\menu.php:21)
action admin_menu (includes\admin\menu.php:22)
action network_admin_menu (includes\admin\menu.php:23)
action admin_enqueue_scripts (includes\admin\menu.php:24)
action admin_enqueue_scripts (includes\admin\menu.php:25)
action patchstack_update_license_status (includes\api.php:32)
action patchstack_send_ping (includes\api.php:33)
action patchstack_send_header_request (includes\api.php:34)
action init (includes\ban.php:27)
action init (includes\cron.php:21)
filter cron_schedules (includes\cron.php:22)
action patchstack_check_env (includes\cron.php:23)
action add_attachment (includes\events\attachment.php:19)
action edit_attachment (includes\events\attachment.php:20)
action delete_attachment (includes\events\attachment.php:21)
action wp_insert_comment (includes\events\comments.php:23)
action edit_comment (includes\events\comments.php:24)
action trash_comment (includes\events\comments.php:25)
action untrash_comment (includes\events\comments.php:26)
action spam_comment (includes\events\comments.php:27)
action unspam_comment (includes\events\comments.php:28)
action delete_comment (includes\events\comments.php:29)
action transition_comment_status (includes\events\comments.php:30)
action _core_updated_successfully (includes\events\core.php:19)
action updated_option (includes\events\options.php:19)
action activated_plugin (includes\events\plugins.php:19)
action deactivated_plugin (includes\events\plugins.php:20)
action upgrader_process_complete (includes\events\plugins.php:21)
action transition_post_status (includes\events\posts.php:23)
action delete_post (includes\events\posts.php:24)
action wp_login (includes\events\users.php:19)
action delete_user (includes\events\users.php:20)
action user_register (includes\events\users.php:21)
action profile_update (includes\events\users.php:22)
action validate_password_reset (includes\events\users.php:23)
filter wp_login_failed (includes\events\users.php:24)
filter query_vars (includes\hacker-log.php:22)
action parse_request (includes\hacker-log.php:23)
action patchstack_update_plugins (includes\hardening.php:23)
filter wp_headers (includes\hardening.php:36)
action comment_form_after_fields (includes\hardening.php:40)
filter preprocess_comment (includes\hardening.php:41)
filter wp_is_application_passwords_available (includes\hardening.php:46)
filter xmlrpc_enabled (includes\hardening.php:51)
filter rest_authentication_errors (includes\hardening.php:56)
action init (includes\hardening.php:61)
filter the_generator (includes\hardening.php:67)
action init (includes\hide-login.php:36)
action wp_logout (includes\hide-login.php:37)
action updated_option (includes\htaccess.php:27)
action init (includes\listener.php:24)
action login_init (includes\login.php:33)
action login_init (includes\login.php:34)
action login_head (includes\login.php:35)
action login_enqueue_scripts (includes\login.php:36)
action woocommerce_login_form_start (includes\login.php:40)
action woocommerce_register_form_start (includes\login.php:41)
action wp_authenticate (includes\login.php:42)
action woocommerce_before_lost_password_form (includes\login.php:43)
action login_form (includes\login.php:48)
action authenticate (includes\login.php:49)
action profile_personal_options (includes\login.php:50)
action personal_options (includes\login.php:51)
action edit_user_profile_update (includes\login.php:52)
action personal_options_update (includes\login.php:53)
action admin_enqueue_scripts (includes\login.php:54)
action woocommerce_login_form (includes\login.php:58)
action woocommerce_edit_account_form (includes\login.php:59)
action woocommerce_save_account_details_errors (includes\login.php:60)
filter login_form (includes\login.php:322)
filter woocommerce_login_form (includes\login.php:323)
filter wp_authenticate_user (includes\login.php:324)
action register_form (includes\login.php:329)
action woocommerce_register_form (includes\login.php:330)
action registration_errors (includes\login.php:331)
filter woocommerce_process_registration_errors (includes\login.php:332)
action lostpassword_form (includes\login.php:337)
action woocommerce_lostpassword_form (includes\login.php:338)
action allow_password_reset (includes\login.php:339)
action lostpassword_post (includes\login.php:343)
action patchstack_post_firewall_rules (includes\rules.php:21)
action patchstack_post_dynamic_firewall_rules (includes\rules.php:22)
action patchstack_send_software_data (includes\upload.php:29)
action patchstack_send_hacker_logs (includes\upload.php:30)
action patchstack_send_event_logs (includes\upload.php:31)
action patchstack_import_ap_logs (includes\upload.php:32)
action activated_plugin (includes\upload.php:35)
action deactivated_plugin (includes\upload.php:36)
action deleted_plugin (includes\upload.php:37)
action upgrader_process_complete (includes\upload.php:38)
action _core_updated_successfully (includes\upload.php:39)
action init (patchstack.php:293)
action plugins_loaded (patchstack.php:406)
Maintenance & Trust

Patchstack – WordPress & Plugins Security Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Jan 6, 2026
PHP min version: 5.6
Downloads: 555K

Community Trust

Rating: 98/100
Number of ratings: 61
Active installs: 40K
Developer Profile

Patchstack – WordPress & Plugins Security Developer Profile

Patchstack

1 plugin · 40K total installs

Trust score: 94
Avg Security Score: 100/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Patchstack – WordPress & Plugins Security

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/patchstack/assets/css/patchstack-admin.css
/wp-content/plugins/patchstack/assets/css/patchstack-style.css
/wp-content/plugins/patchstack/assets/js/patchstack-admin.js
/wp-content/plugins/patchstack/assets/js/patchstack-script.js
Script Paths
/wp-content/plugins/patchstack/assets/js/patchstack-admin.js
/wp-content/plugins/patchstack/assets/js/patchstack-script.js
Version Parameters
patchstack/assets/css/patchstack-admin.css?ver=
patchstack/assets/css/patchstack-style.css?ver=
patchstack/assets/js/patchstack-admin.js?ver=
patchstack/assets/js/patchstack-script.js?ver=

HTML / DOM Fingerprints

CSS Classes
patchstack-admin-menu
JS Globals
patchstack_data
REST Endpoints
/wp-json/patchstack/v1/firewall
/wp-json/patchstack/v1/rule
/wp-json/patchstack/v1/scan
FAQ

Frequently Asked Questions about Patchstack – WordPress & Plugins Security