🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Dave Jong

Dave Jong

Organization: Patchstack

All Time Ranking

201

All Time Discoveries

Showing 1-20 of 201 Vulnerabilities

User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection

9.9

CVE-2024-32137

Apr 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset

9.9

CVE ID Unknown

Feb 16, 2020

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

WP Migrate Pro <= 2.6.10 - Unauthenticated PHP Object Injection

9.8

CVE-2024-30225

Apr 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Demo My WordPress <= 1.0.9.1 - Unauthenticated Privilege Escalation

9.8

CVE-2024-31290

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25925

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated SQL Injection

9.8

CVE-2024-25910

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload

9.8

CVE-2024-25913

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update

9.8

CVE-2024-25912

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion

9.8

CVE-2024-25911

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Coupon Referral Program <= 1.7.2 - Unauthenticated PHP Object Injection

9.8

CVE-2024-25100

Feb 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SalesKing <= 1.6.15 - Unauthenticated Privilege Escalation

9.8

CVE-2024-22157

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Woodmart Core <= 1.0.36 - Authentication Bypass to Privilege Escalation

9.8

CVE-2023-32244

May 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Woodmart Core <= 1.0.36 - PHP Object Injection

9.8

CVE-2023-32242

May 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Houzez <= 2.8.2 - Unauthenticated SQL Injection

9.8

CVE-2023-29432

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Houzez <= 2.7.1 - Privilege Escalation

9.8

CVE-2023-26540

Feb 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData

9.8

CVE-2023-25960

Feb 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload

9.8

CVE-2023-25970

Feb 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Houzez Login Register <= 2.6.3 - Privilege Escalation

9.8

CVE-2023-26009

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota

9.8

CVE-2023-25701

Feb 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

GamiPress <= 2.5.7 - Unauthenticated SQL Injection

9.8

CVE-2023-24000

Feb 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
User Activity Log Pro <= 2.3.4 - Authenticated (Subscriber+) SQL Injection	CVE-2024-32137	9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	April 12, 2024
ThemeGrill Demo Importer 1.3.4 - 1.6.1 - Authorization Bypass to Site Reset		9.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	February 16, 2020
WP Migrate Pro <= 2.6.10 - Unauthenticated PHP Object Injection	CVE-2024-30225	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 26, 2024
Demo My WordPress <= 1.0.9.1 - Unauthenticated Privilege Escalation	CVE-2024-31290	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 5, 2024
WooCommerce Easy Checkout Field Editor, Fees & Discounts <= 3.5.12 - Unauthenticated Arbitrary File Upload	CVE-2024-25925	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2024
MoveTo <= 6.2 - Unauthenticated SQL Injection	CVE-2024-25910	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
MoveTo <= 6.2 - Unauthenticated Arbitrary File Upload	CVE-2024-25913	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
MoveTo <= 6.2 - Missing Authorization to Unauthenticated Options Update	CVE-2024-25912	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
MoveTo <= 6.2 - Unauthenticated Directory Traversal to Arbitrary File Deletion	CVE-2024-25911	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 12, 2024
Coupon Referral Program <= 1.7.2 - Unauthenticated PHP Object Injection	CVE-2024-25100	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 5, 2024
SalesKing <= 1.6.15 - Unauthenticated Privilege Escalation	CVE-2024-22157	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	January 16, 2024
Woodmart Core <= 1.0.36 - Authentication Bypass to Privilege Escalation	CVE-2023-32244	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2023
Woodmart Core <= 1.0.36 - PHP Object Injection	CVE-2023-32242	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	May 11, 2023
Houzez <= 2.8.2 - Unauthenticated SQL Injection	CVE-2023-29432	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	April 6, 2023
Houzez <= 2.7.1 - Privilege Escalation	CVE-2023-26540	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 27, 2023
Zendrop – Global Dropshipping <= 1.0.0 - SQL Injection in setMetaData	CVE-2023-25960	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 24, 2023
Zendrop – Global Dropshipping <= 1.0.0 - Arbitrary File Upload	CVE-2023-25970	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 24, 2023
Houzez Login Register <= 2.6.3 - Privilege Escalation	CVE-2023-26009	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 23, 2023
WatchTowerHQ <= 3.6.16 - Type Juggling to Authentication Bypass in check_ota	CVE-2023-25701	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2023
GamiPress <= 2.5.7 - Unauthenticated SQL Injection	CVE-2023-24000	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	February 14, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation