Thanks for reaching out. Which vulnerability are you referring to? We have run into some issues with a Patch Stack false CSRF issue that has not been cleared by it’s reporter even after the fix had been put in place. WordPress has made it clear at least that there are no longer any vulnerabilities so you should be free to keep the plugin.

Appreciate your information. Thanks.

Unfortunately we are a victim of Patchstacks lack of response to removing our CSRF vulnerability reports. As you can see this was reported back in Dec 2022 and was taken care of the minute we were made aware. WordPress also verified our fix around the same time and we have been safe sense. I have reached out to the reporter in multiple ways and had received an apology but no updates to patchstack. Since plugins like Wordfence and things like ManageWP use patchstack as a source of truth we are at the mercy of an incorrect report.

Apologies for the inconvenience and we understand if you have no choice due to this unfortunate situation.