Wordfence Intelligence   >   Vulnerability Researchers   >   Dave Jong

Dave Jong

Organization: Patchstack

17
All Time Ranking
274
All Time Discoveries
0
90 Day Published Submissions
N/A
Last Published Submission

Showing 61-80 of 274 Vulnerabilities

WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Arbitrary File Deletion
8.1
CVE-2024-37108
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
WishList Member X <= 3.25.1 - Unauthenticated Information Exposure
5.3
CVE-2024-37113
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WishList Member X <= 3.25.1 - Unauthenticated Arbitrary SQL Execution
10.0
CVE-2024-37112
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
WishList Member X <= 3.25.1 - Unauthenticated Denial of Service
5.3
CVE-2024-37111
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
WishList Member X <= 3.25.1 - Missing Authorization to Information Disclosure
5.3
CVE-2024-37110
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Remote Code Execution
9.9
CVE-2024-37109
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-2024-37107
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
WishList Member X <= 3.25.1 - Missing Authorization to Stored Cross-Site Scripting
7.2
CVE-2024-37106
Jun 20, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.11 - Authenticated (Subscriber+) Information Exposure
4.3
CVE-2024-35682
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure
4.3
CVE-2024-35691
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send
5.3
CVE-2024-35748
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WP Visitors Tracker <= 2.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-35737
Jun 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Checkout Field Editor for WooCommerce (Pro) <= 3.6.2 - Unauthenticated Arbitrary File Deletion
9.8
CVE-2024-35658
Jun 3, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
WooCommerce AWeber Newsletter Subscription <= 4.0.2 - Missing Authorization to Access Token Modification
5.3
CVE-2024-33944
Apr 30, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
WP Migrate Pro <= 2.6.10 - Unauthenticated PHP Object Injection
9.8
CVE-2024-30225
Apr 26, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion
8.8
CVE-2024-33628
Apr 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Piotnet Addons For Elementor Pro <= 7.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-33631
Apr 25, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery
4.3
CVE-2024-33632
Apr 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting
6.1
CVE-2024-33633
Apr 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery
7.2
CVE-2024-33634
Apr 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Arbitrary File Deletion CVE-2024-37108 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H June 20, 2024
WishList Member X <= 3.25.1 - Unauthenticated Information Exposure CVE-2024-37113 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N June 20, 2024
WishList Member X <= 3.25.1 - Unauthenticated Arbitrary SQL Execution CVE-2024-37112 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H June 20, 2024
WishList Member X <= 3.25.1 - Unauthenticated Denial of Service CVE-2024-37111 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L June 20, 2024
WishList Member X <= 3.25.1 - Missing Authorization to Information Disclosure CVE-2024-37110 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N June 20, 2024
WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Remote Code Execution CVE-2024-37109 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H June 20, 2024
WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Privilege Escalation CVE-2024-37107 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H June 20, 2024
WishList Member X <= 3.25.1 - Missing Authorization to Stored Cross-Site Scripting CVE-2024-37106 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N June 20, 2024
Otter Blocks PRO – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE <= 2.6.11 - Authenticated (Subscriber+) Information Exposure CVE-2024-35682 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N June 6, 2024
Widget Options - Extended <= 5.1.0 & Widget Options <= 4.0.1 - Authenticated (Subscriber+) Information Disclosure CVE-2024-35691 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N June 6, 2024
WooCommerce Dropshipping <= 5.0.4 - Missing Authorization to Unauthenticated Arbitrary Email Send CVE-2024-35748 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N June 6, 2024
WP Visitors Tracker <= 2.3 - Reflected Cross-Site Scripting CVE-2024-35737 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N June 6, 2024
Checkout Field Editor for WooCommerce (Pro) <= 3.6.2 - Unauthenticated Arbitrary File Deletion CVE-2024-35658 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H June 3, 2024
WooCommerce AWeber Newsletter Subscription <= 4.0.2 - Missing Authorization to Access Token Modification CVE-2024-33944 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N April 30, 2024
WP Migrate Pro <= 2.6.10 - Unauthenticated PHP Object Injection CVE-2024-30225 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H April 26, 2024
XforWooCommerce <= 2.0.2 - Authenticated (Subscriber+) Local File Inclusion CVE-2024-33628 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 25, 2024
Piotnet Addons For Elementor Pro <= 7.1.17 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-33631 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 25, 2024
Piotnet Addons For Elementor Pro <= 7.1.17 - Cross-Site Request Forgery CVE-2024-33632 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 25, 2024
Piotnet Addons For Elementor Pro <= 7.1.17 - Reflected Cross-Site Scripting CVE-2024-33633 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 25, 2024
Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery CVE-2024-33634 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N April 25, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.