🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Dave Jong

Dave Jong

Organization: Patchstack

All Time Ranking

184

All Time Discoveries

Showing 61-80 of 184 Vulnerabilities

Multiple Themes (Various Versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation

4.3

CVE-2023-33923

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Multiple Themes (Various Versions) - Missing Authorization to Arbitrary Plugin Activation

4.3

CVE-2023-33923

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset

5.3

CVE-2023-30490

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation

5.3

CVE-2023-32959

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation

5.3

CVE-2023-32959

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Woodmart Core <= 1.0.36 - Authentication Bypass to Privilege Escalation

9.8

CVE-2023-32244

May 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Woodmart Core <= 1.0.36 - PHP Object Injection

9.8

CVE-2023-32242

May 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2023-32239

May 11, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WoodMart <= 7.2.1 - Missing Authorization

4.3

CVE-2023-32240

May 11, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization

6.5

CVE-2022-44633

May 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Points and Rewards for WooCommerce <= 1.5.0 - Missing Authorization

6.5

CVE-2023-27608

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

5.4

CVE-2023-32237

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Community by PeepSo <= 6.0.9.0 - Missing Authorization to Sensitive Information Exposure

5.3

CVE-2023-27630

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting

6.4

CVE-2023-32237

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

TheGem < 5.8.1.1 - Missing Authorization

6.3

CVE-2023-32238

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

TheGem < 5.8.1.1 - Improper Authentication

6.3

CVE-2023-32238

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Points and Rewards for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Settings Change

4.3

CVE-2023-27607

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Editorialmag <= 1.2.0 - Missing Authorization to Authenticated Plugin Activation

6.3

CVE-2023-32129

May 4, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CM Pop-Up banners <= 1.5.10 - Authenticated (Subscriber+) SQL Injection via getStatistics

8.8

CVE-2023-30750

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Educenter <= 1.5.7 - Missing Authorization via activate_plugin

4.3

CVE-2023-30480

Apr 14, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Multiple Themes (Various Versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation	CVE-2023-33923	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 30, 2023
Multiple Themes (Various Versions) - Missing Authorization to Arbitrary Plugin Activation	CVE-2023-33923	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 30, 2023
Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset	CVE-2023-30490	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 16, 2023
Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation	CVE-2023-32959	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 16, 2023
Multiple sparklewpthemes Themes (Various versions) - Missing Authorization to Arbitrary Plugin Activation	CVE-2023-32959	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 16, 2023
Woodmart Core <= 1.0.36 - Authentication Bypass to Privilege Escalation	CVE-2023-32244	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2023
Woodmart Core <= 1.0.36 - PHP Object Injection	CVE-2023-32242	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2023
WoodMart <= 7.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2023-32239	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 11, 2023
WoodMart <= 7.2.1 - Missing Authorization	CVE-2023-32240	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 11, 2023
YITH WooCommerce Gift Cards Premium <= 3.23.1 - Missing Authorization	CVE-2022-44633	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	May 10, 2023
Points and Rewards for WooCommerce <= 1.5.0 - Missing Authorization	CVE-2023-27608	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	May 5, 2023
TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2023-32237	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	May 5, 2023
Community by PeepSo <= 6.0.9.0 - Missing Authorization to Sensitive Information Exposure	CVE-2023-27630	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 5, 2023
TheGem < 5.8.1.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2023-32237	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 5, 2023
TheGem < 5.8.1.1 - Missing Authorization	CVE-2023-32238	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	May 5, 2023
TheGem < 5.8.1.1 - Improper Authentication	CVE-2023-32238	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	May 5, 2023
Points and Rewards for WooCommerce <= 1.5.0 - Cross-Site Request Forgery to Settings Change	CVE-2023-27607	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 5, 2023
Editorialmag <= 1.2.0 - Missing Authorization to Authenticated Plugin Activation	CVE-2023-32129	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	May 4, 2023
CM Pop-Up banners <= 1.5.10 - Authenticated (Subscriber+) SQL Injection via getStatistics	CVE-2023-30750	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	May 3, 2023
Educenter <= 1.5.7 - Missing Authorization via activate_plugin	CVE-2023-30480	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 14, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation