Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Dave Jong

Dave Jong

Organization: Patchstack

All Time Ranking

274

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Is this you? Register as a researcher today to add more public profile details here!

Showing 201-220 of 274 Vulnerabilities

Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation

5.3

CVE-2023-32959

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset

5.3

CVE-2023-30490

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Community by PeepSo <= 6.0.9.0 - Missing Authorization to Sensitive Information Exposure

5.3

CVE-2023-27630

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Blogger Buzz <= 1.2.4 - Missing Authorization via activate_plugin

5.3

CVE-2023-30476

Apr 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass

5.3

CVE-2023-23730

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing

5.3

CVE-2023-23738

Jan 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Resoto <= 1.0.8 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Plugin Activation

5.0

CVE-2023-28619

Mar 22, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure

4.3

CVE-2024-54222

Dec 19, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

WP SuperBackup <= 2.3.3 - Missing Authorization

4.3

CVE-2024-56070

Dec 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Droip <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Settings Change

4.3

CVE-2024-43954

Aug 26, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Armour Extended <= 1.26 - Cross-Site Request Forgery

4.3

CVE-2024-43947

Aug 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WHMpress <= 6.2-revision-5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

4.3

CVE-2024-43247

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Bit Form Pro <= 2.6.4 - Authenticated (Subscriber+) Sensitive Information Exposure

4.3

CVE-2024-43251

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Leopard - WordPress offload media <= 2.0.36 - Authenticated (Subscriber+) Sensitive Information Exposure

4.3

CVE-2024-43257

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Leopard - WordPress offload media <= 2.0.36 - Missing Authorization to Authenticated (Subscriber+) Settings Update

4.3

CVE-2024-43256

Aug 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Seraphinite Accelerator Premium <= 2.21.13 - Cross-Site Request Forgery to Arbitrary File Deletion

4.3

CVE-2024-37940

Jul 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

BuddyBoss Theme <= 2.4.61 - Cross-Site Request Forgery

4.3

CVE-2024-37925

Jul 9, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

User Activity Log Pro <= 2.3.4 - Missing Authorization

4.3

CVE-2024-37929

Jul 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Uncanny Automator Pro < 5.3.0.1 - Cross-Site Request Forgery to License Setting Reset

4.3

CVE-2024-37118

Jun 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Uncanny Toolkit Pro for LearnDash <= 4.1.4 - Missing Authorization to Arbitrary Page/Post Duplication

4.3

CVE-2024-37439

Jun 28, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Multiple sparklewpthemes Themes (Various versions) - Cross-Site Request Forgery to Arbitrary Plugin Activation	CVE-2023-32959	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 16, 2023
Easing Slider <= 3.0.8 - Missing Authorization to Unauthenticated Settings Reset	CVE-2023-30490	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 16, 2023
Community by PeepSo <= 6.0.9.0 - Missing Authorization to Sensitive Information Exposure	CVE-2023-27630	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	May 5, 2023
Blogger Buzz <= 1.2.4 - Missing Authorization via activate_plugin	CVE-2023-30476	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 13, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Captcha Bypass	CVE-2023-23730	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 23, 2023
Spectra – WordPress Gutenberg Blocks <= 2.3.1 - Email Spoofing	CVE-2023-23738	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 23, 2023
Resoto <= 1.0.8 - Missing Authorization leading to Authenticated (Subscriber+) Arbitrary Plugin Activation	CVE-2023-28619	5.0	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N	March 22, 2023
Seraphinite Accelerator <= 2.22.15 (2.21.13 PRO) - Authenticated (Subscriber+) Information Exposure	CVE-2024-54222	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 19, 2024
WP SuperBackup <= 2.3.3 - Missing Authorization	CVE-2024-56070	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 18, 2024
Droip <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Settings Change	CVE-2024-43954	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 26, 2024
WP Armour Extended <= 1.26 - Cross-Site Request Forgery	CVE-2024-43947	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	August 26, 2024
WHMpress <= 6.2-revision-5 - Missing Authorization to Authenticated (Subscriber+) Settings Update	CVE-2024-43247	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 12, 2024
Bit Form Pro <= 2.6.4 - Authenticated (Subscriber+) Sensitive Information Exposure	CVE-2024-43251	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	August 12, 2024
Leopard - WordPress offload media <= 2.0.36 - Authenticated (Subscriber+) Sensitive Information Exposure	CVE-2024-43257	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	August 12, 2024
Leopard - WordPress offload media <= 2.0.36 - Missing Authorization to Authenticated (Subscriber+) Settings Update	CVE-2024-43256	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	August 12, 2024
Seraphinite Accelerator Premium <= 2.21.13 - Cross-Site Request Forgery to Arbitrary File Deletion	CVE-2024-37940	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 9, 2024
BuddyBoss Theme <= 2.4.61 - Cross-Site Request Forgery	CVE-2024-37925	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	July 9, 2024
User Activity Log Pro <= 2.3.4 - Missing Authorization	CVE-2024-37929	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	July 9, 2024
Uncanny Automator Pro < 5.3.0.1 - Cross-Site Request Forgery to License Setting Reset	CVE-2024-37118	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	June 28, 2024
Uncanny Toolkit Pro for LearnDash <= 4.1.4 - Missing Authorization to Arbitrary Page/Post Duplication	CVE-2024-37439	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	June 28, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Dave Jong

Organization: Patchstack

Showing 201-220 of 274 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting