Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Dave Jong

Dave Jong

Organization: Patchstack

All Time Ranking

274

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Is this you? Register as a researcher today to add more public profile details here!

Showing 81-100 of 274 Vulnerabilities

JetThemeCore for Elementor <= 2.2.0 - Authenticated (Subscriber+) Arbitrary File Deletion

8.1

CVE-2024-37497

Jul 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Arbitrary File Deletion

8.1

CVE-2024-37108

Jun 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

ARForms <= 6.4 - Missing Authorization to Arbitrary File Deletion

8.1

CVE-2024-32703

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion

8.1

CVE-2023-23653

Jan 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

ARForms <= 6.4.1 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Read

7.7

CVE-2024-54216

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download

7.5

CVE-2024-56067

Dec 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Revy <= 1.18 - Unauthenticated SQL Injection

7.5

CVE-2024-54215

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure

7.5

CVE-2024-32086

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

PowerPack Pro for Elementor <= 2.10.6 - Missing Authorization to Settings Reset

7.5

CVE-2024-24844

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

SalesKing <= 1.6.15 - Unauthenticated Sensitive Information Exposure

7.5

CVE-2024-22154

Jan 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Premium <= 1.1.0 - Sensitive Information Disclosure

7.5

CVE-2022-41623

Oct 12, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Hide My WP <= 6.2.3 - Authorization Bypass

7.5

CVE-2021-36917

Nov 24, 2021

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

RealHomes <= 4.0.2 - Missing Authorization

7.3

CVE-2023-37885

Jul 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AIO Contact <= 2.8.1 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-54219

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Brickscore <= 1.4.2.5 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-43950

Aug 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

BerqWP <= 1.7.5 - Unauthenticated Server-Side Request Forgery

7.2

CVE-2024-37942

Jul 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

WishList Member X <= 3.25.1 - Missing Authorization to Stored Cross-Site Scripting

7.2

CVE-2024-37106

Jun 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery

7.2

CVE-2024-33634

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Zynith SEO <= 7.4.9 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2024-32562

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Types <= 3.4.17 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2023-27440

Mar 3, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
JetThemeCore for Elementor <= 2.2.0 - Authenticated (Subscriber+) Arbitrary File Deletion	CVE-2024-37497	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	July 4, 2024
WishList Member X <= 3.25.1 - Authenticated (Subscriber+) Arbitrary File Deletion	CVE-2024-37108	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	June 20, 2024
ARForms <= 6.4 - Missing Authorization to Arbitrary File Deletion	CVE-2024-32703	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	April 22, 2024
MainWP File Uploader Extension <= 4.1 - Authenticated (Subscriber+) Arbitrary File Deletion	CVE-2023-23653	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H	January 17, 2023
ARForms <= 6.4.1 - Directory Traversal to Authenticated (Subscriber+) Arbitrary File Read	CVE-2024-54216	7.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N	December 2, 2024
WP SuperBackup <= 2.3.3 - Missing Authorization to Unauthenticated Back-Up File Download	CVE-2024-56067	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 18, 2024
Revy <= 1.18 - Unauthenticated SQL Injection	CVE-2024-54215	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	December 2, 2024
Citadela Listing <= 5.18.1 - Unauthenticated Sensitive Information Exposure	CVE-2024-32086	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	April 11, 2024
PowerPack Pro for Elementor <= 2.10.6 - Missing Authorization to Settings Reset	CVE-2024-24844	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	February 2, 2024
SalesKing <= 1.6.15 - Unauthenticated Sensitive Information Exposure	CVE-2024-22154	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	January 16, 2024
ALD - AliExpress Dropshipping and Fulfillment for WooCommerce Premium <= 1.1.0 - Sensitive Information Disclosure	CVE-2022-41623	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	October 12, 2022
Hide My WP <= 6.2.3 - Authorization Bypass	CVE-2021-36917	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	November 24, 2021
RealHomes <= 4.0.2 - Missing Authorization	CVE-2023-37885	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	July 11, 2023
AIO Contact <= 2.8.1 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-54219	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	December 2, 2024
Brickscore <= 1.4.2.5 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-43950	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	August 26, 2024
BerqWP <= 1.7.5 - Unauthenticated Server-Side Request Forgery	CVE-2024-37942	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	July 10, 2024
WishList Member X <= 3.25.1 - Missing Authorization to Stored Cross-Site Scripting	CVE-2024-37106	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	June 20, 2024
Piotnet Addons For Elementor Pro <= 7.1.17 - Unauthenticated Server-Side Request Forgery	CVE-2024-33634	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 25, 2024
Zynith SEO <= 7.4.9 - Unauthenticated Stored Cross-Site Scripting	CVE-2024-32562	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	April 16, 2024
Types <= 3.4.17 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2023-27440	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	March 3, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Dave Jong

Organization: Patchstack

Showing 81-100 of 274 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting