Hello Daniele / Bricksforge Team,
I am Jayron Castro, CEO of Kstros. We have just received a critical security alert regarding a high-risk vulnerability in the Bricksforge plugin, which has been officially documented in the Patchstack database.
Vulnerability Evidence: [Sensitive Data Exposure in WordPress Bricksforge Plugin - Patchstack](https://patchstack link)
Current Situation: We are currently running version 3.1.8.4 on several high-stakes production sites, including a real estate legal consultancy (H3 Legaliza) and a rental marketplace (Alugassim). As of this moment, your official dashboard and website do not offer an updated version (e.g., 3.1.8.5 or 3.2.0) to mitigate this sensitive data exposure.
Immediate Action Required:
- Official Patch: Is there a security hotfix ready for manual download that hasn’t reached the auto-updater yet?
- Mitigation: While the update is pending, which specific Bricksforge module (Global Classes, Pro Elements, etc.) is responsible for this exposure so we can disable it immediately?
- Timeline: What is the estimated Time to Repair (TTR) for this critical flaw?
The security of our clients’ sensitive data is non-negotiable for Kstros. We expect an immediate technical response and a clear roadmap for this fix.
Best regards,
Jayron Castro
CEO, Kstros.com
