🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Dave Jong

Dave Jong

Organization: Patchstack

All Time Ranking

201

All Time Discoveries

Showing 81-100 of 201 Vulnerabilities

MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation

5.4

CVE-2023-23747

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation

5.4

CVE-2023-23648

Jan 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

ShareThis Dashboard for Google Analytics <= 3.1.4 - Missing Authorization

5.4

CVE-2022-45851

Nov 23, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Soledad <= 8.2.5 - Missing Authorization

5.4

CVE-2022-42479

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Beaver Builder <= 2.5.4.3 - Missing Authorization

5.4

CVE-2022-36425

Jul 20, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Arbitrary Post Deletion

5.8

CVE-2024-31297

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting

6.1

CVE-2024-33633

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Max Addons Pro for Bricks <= 1.6.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-32952

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ARforms <= 6.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-32702

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Post Type Builder <= 2.0.8 - Reflected Cross-Site Scripting

6.1

CVE-2024-31365

Apr 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooCommerce License Manager <= 5.3.1 - Reflected Cross-Site Scripting

6.1

CVE-2024-29121

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WooThumbs for WooCommerce by Iconic <= 5.5.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-29116

Mar 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

PowerPack Pro for Elementor < 2.10.8 - Cross-Site Request Forgery to Plugin Settings Modification and Cross-Site Scripting

6.1

CVE-2024-24843

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Profile Builder Pro <= 3.10.0 - Reflected Cross-Site Scripting

6.1

CVE-2024-22142

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Perfmatters <= 2.1.6 - Reflected Cross-Site Scripting

6.1

CVE-2023-47876

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Mediciti Lite <= 1.3.0 - Reflected Cross-Site Scripting

6.1

CVE-2023-28418

Mar 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Brilliance <= 1.3.1 - Reflected Cross-Site Scripting

6.1

CVE-2023-28171

Mar 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

RealHomes <= 4.0.2 - Missing Authorization

6.3

CVE-2023-37886

Jul 11, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

WPLMS < 4.900 - Cross-Site Request Forgery

6.3

CVE-2023-36690

Jul 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

TheGem < 5.8.1.1 - Improper Authentication

6.3

CVE-2023-32238

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Title	CVE ID	CVSS	Vector	Date
MainWP Buddy Extension <= 4.0.1 - Missing Authorization to Arbitrary Plugin Activation	CVE-2023-23747	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	January 17, 2023
MainWP Rocket Extension <= 4.0.3 - Missing Authorization to Arbitrary Plugin Activation	CVE-2023-23648	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	January 16, 2023
ShareThis Dashboard for Google Analytics <= 3.1.4 - Missing Authorization	CVE-2022-45851	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	November 23, 2022
Soledad <= 8.2.5 - Missing Authorization	CVE-2022-42479	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	November 1, 2022
Beaver Builder <= 2.5.4.3 - Missing Authorization	CVE-2022-36425	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	July 20, 2022
Wholesale For WooCommerce <= 2.3.0 - Unauthenticated Arbitrary Post Deletion	CVE-2024-31297	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L	April 5, 2024
Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting	CVE-2024-33633	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 25, 2024
Max Addons Pro for Bricks <= 1.6.1 - Reflected Cross-Site Scripting	CVE-2024-32952	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 22, 2024
ARforms <= 6.4 - Reflected Cross-Site Scripting	CVE-2024-32702	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 22, 2024
Post Type Builder <= 2.0.8 - Reflected Cross-Site Scripting	CVE-2024-31365	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2024
WooCommerce License Manager <= 5.3.1 - Reflected Cross-Site Scripting	CVE-2024-29121	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2024
WooThumbs for WooCommerce by Iconic <= 5.5.3 - Reflected Cross-Site Scripting	CVE-2024-29116	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2024
PowerPack Pro for Elementor < 2.10.8 - Cross-Site Request Forgery to Plugin Settings Modification and Cross-Site Scripting	CVE-2024-24843	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 2, 2024
Profile Builder Pro <= 3.10.0 - Reflected Cross-Site Scripting	CVE-2024-22142	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	January 10, 2024
Perfmatters <= 2.1.6 - Reflected Cross-Site Scripting	CVE-2023-47876	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 21, 2023
Mediciti Lite <= 1.3.0 - Reflected Cross-Site Scripting	CVE-2023-28418	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 16, 2023
Brilliance <= 1.3.1 - Reflected Cross-Site Scripting	CVE-2023-28171	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 13, 2023
RealHomes <= 4.0.2 - Missing Authorization	CVE-2023-37886	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	July 11, 2023
WPLMS < 4.900 - Cross-Site Request Forgery	CVE-2023-36690	6.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L	July 5, 2023
TheGem < 5.8.1.1 - Improper Authentication	CVE-2023-32238	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	May 5, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation