About Alliance Leaderboard Vulnerability database WordPress security
Login

Dave Jong (Patchstack)

0
0
0
0
Dave Jong (Patchstack)
Alliance XP
460.75
Contributions
172
Contributions 172
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

████

█████████████████████ █████ ████████████████████████████████████████████████████████

6.1

Pending

████

███████ █████ ███████████████████████████████████

5.4

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

5.4

Pending

████

███████ █████ ███████████████████████████████████

5.4

Pending

████

███████ █████ ███████████████████████████████████

5.4

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+0 AXP

5.4

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+0 AXP

5.4

Pending

████

███████ █████ ██████████████████████████████████████████

+0 AXP

9.8

Pending

████

███████ █████ ██████████████████████████████████████████

+0 AXP

9.8

Pending

████

██████████████ █████ ██████████████████████████████████████████

9.9

Pending

████

██████████████ █████ █████████████████████████████████████████████████

+49.2 AXP

8.2

Pending

████

██████████████ █████ ███████████████████████████████████

+0 AXP

4.3

Pending

████

██████████████ █████ █████████████████████████████████████████████████

+0 AXP

5.4

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+16.2 AXP

8.1

Pending

████

███████ █████ █████████████████████████████████████████████████

+14.6 AXP

7.3

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

4.3

Pending

████

██████████████ █████ ██████████████████████████████████████████

4.3

Pending

████

██████████████ █████ █████████████████████████████████████████████████

4.3

Pending

████

███████ █████ ███████████████████████████████████

4.3

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

4.3

Pending

████

██████████████ █████ ██████████████████████████████████████████

4.3

Pending

████

███████ █████ ██████████████████████████████████████████

4.3

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

4.3

Pending

████

██████████████ █████ █████████████████████████████████████████████████

4.3

Pending

████

█████████████████████ █████ ████████████████████████████████████████████████████████

+0 AXP

4.3

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+0 AXP

4.3

Pending

████

███████ █████ ████████████████████████████████████████████████████████

4.3

Pending

████

█████████████████████ █████ █████████████████████████████████████████████████

4.3

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

4.3

Pending

████

██████████████ █████ ███████████████████████████████████

4.3

Pending

████

██████████████ █████ █████████████████████████████████████████████████

4.3

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

+0 AXP

4.3

Pending

████

██████████████ █████ ████████████████████████████████████████████████████████

4.3

Pending

████

██████████████ █████ ███████████████████████████████████

4.3

Pending

████

██████████████ █████ ███████████████████████████████████

4.3

Pending

████

███████ █████ ████████████████████████████████████████████████████████

+13 AXP

6.5

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+0 AXP

7.7

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+0 AXP

5.4

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+13 AXP

6.5

Pending

████

█████████████████████ █████ ██████████████████████████████████████████

+5.4 AXP

5.4

Pending

████

███████ █████ ██████████████████████████████████████████

+10.6 AXP

5.3

Pending

Theme

Real Estate Directory <= 1.0.5 Authenticated Arbitrary Plugin Activation

+0 AXP

4.3

3 days ago

Theme

Chankhe <= 1.0.5 Authenticated Arbitrary Plugin Activation

+0 AXP

4.3

4 days ago

Theme

Mediciti Lite <= 1.3.0 Reflected Cross Site Scripting (XSS) vulnerability

+0 AXP

5.4

4 days ago

Theme

Brilliance <= 1.3.1 Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

6 days ago

Theme

Intrepidity <= 1.5.1 Cross Site Request Forgery (CSRF)

+0 AXP

8.8

7 days ago

Theme

Regina Lite <= 2.0.7 Reflected Cross Site Scripting (XSS)

+5.4 AXP

5.4

7 days ago

Plugin

Montonio for WooCommerce <= 6.0.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

08.03.2023

Theme

Big Store <= 1.9.3 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

05.03.2023

Plugin

Wpopal Core Features <= 1.5.8 Server Side Request Forgery (SSRF)

+16.4 AXP

8.2

03.03.2023

Plugin

AMO for WP – Membership Management <= 4.6.6 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

WooVirtualWallet – A virtual wallet for WooCommerce <= 2.2.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

WooVIP – Membership plugin for WordPress and WooCommerce <= 1.4.4 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

WooSupply – Suppliers, Supply Orders and Stock Management <= 1.2.2 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

Theme Minifier <= 2.0 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

Styles <= 1.2.3 Server Side Request Forgery (SSRF)

+16.4 AXP

8.2

03.03.2023

Plugin

WordPress Page Builder – Qards <= 1.0.5 Qards plugin <= 1.0.5 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

PHPFreeChat <= 0.2.8 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

Custom Login Admin Front-end CSS <= 1.4.1 end CSS plugin <= 1.4.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

CSS Adder By Agence-Press <= 1.5.0 Press plugin <= 1.5.0 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

Confirm Data <= 1.0.7 Unauth. ServerSide Request Forgery (SSRF) vulnerability

+0 AXP

8.2

03.03.2023

Plugin

AMP Toolbox <= 2.1.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

03.03.2023

Plugin

Admin CSS MU <= 2.6 ServerSide Request Forgery (SSRF) vulnerability

+16.4 AXP

8.2

03.03.2023

Plugin

Types <= 3.4.17 Authenticated Arbitrary File Upload Vulnerability

+0 AXP

7.2

03.03.2023

Theme

Total <= 2.1.19 Authenticated Arbitrary Plugin Activation

+12.9 AXP

4.3

01.03.2023

Plugin

Wholesale Suite <= 2.1.5 Auth. Plugin Settings Change vulnerability

+5.4 AXP

5.4

27.02.2023

Theme

Houzez <= 2.7.1 Privilege Escalation

+29.4 AXP

9.8

27.02.2023

Plugin

Zendrop – Global Dropshipping <= 1.0.0 Arbitrary SQL Query Execution Vulnerability

+15 AXP

10.0

24.02.2023

Plugin

Zendrop – Global Dropshipping <= 1.0.0 Arbitrary File Upload

+39.2 AXP

9.8

24.02.2023

Plugin

Houzez Login Register <= 2.6.3 Privilege Escalation

+19.6 AXP

9.8

23.02.2023

Plugin

WatchTowerHQ <= 3.6.16 Privilege Escalation

+0 AXP

9.8

14.02.2023

Plugin

GamiPress <= 2.5.7 Unauthenticated SQL Injection vulnerability

+24.6 AXP

8.2

14.02.2023

Plugin

GamiPress <= 2.5.6 CSRF Leading to Settings Change Vulnerability

+2.7 AXP

5.4

13.02.2023

Plugin

GamiPress <= 2.5.6 Missing Authorization Leading to Points Manipulation Vulnerability

+5.4 AXP

5.4

13.02.2023

Theme

ColorWay <= 4.2.3 CSRF Leading to Arbitrary Plugin Activation

+2.15 AXP

4.3

08.02.2023

Theme

Magazine Edge <= 1.13 Authenticated Arbitrary Plugin Activation

+0 AXP

4.3

02.02.2023

Plugin

Spectra <= 2.3.0 Contributor+ reCAPTCHA Settings Change Vulnerability

+32.4 AXP

5.4

23.01.2023

Plugin

Spectra <= 2.3.0 Captcha Bypass Vulnerability

+31.8 AXP

5.3

23.01.2023

Plugin

Spectra <= 2.3.0 Unauthenticated Email HTML Injection Vulnerability

+31.8 AXP

5.3

23.01.2023

Plugin

Spectra <= 2.3.0 Unauthenticated Email Spoofing Vulnerability

+31.8 AXP

5.3

23.01.2023

Theme

Corsa <= 1.5 Arbitrary File Upload

+0 AXP

8.8

23.01.2023

Plugin

Upfrontwp <= 1.0 Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

23.01.2023

Plugin

MainWP Broken Links Checker Extension <= 4.0 Unauthenticated SQL Injection Vulnerability

+0 AXP

8.2

17.01.2023

Plugin

MainWP Broken Links Checker Extension <= 4.0 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Boilerplate Extension <= 4.1 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Boilerplate Extension <= 4.1 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17.01.2023

Plugin

MainWP Article Uploader Extension <= 4.0.2 Subscriber+ Arbitrary File Deletion Vulnerability

+0 AXP

7.7

17.01.2023

Plugin

MainWP Article Uploader Extension <= 4.0.2 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17.01.2023

Plugin

MainWP BlogVault Backup Extension <= 1.3 Subscriber+ Arbitrary Plugin Installation Vulnerability

+0 AXP

6.5

17.01.2023

Plugin

MainWP Favorites Extension <= 4.0.10 Subscriber+ Arbitrary Plugin Installation Vulnerability

+0 AXP

6.5

17.01.2023

Plugin

MainWP Favorites Extension <= 4.0.10 Subscriber+ Arbitrary File Deletion Vulnerability

+0 AXP

7.7

17.01.2023

Plugin

MainWP White Label Extension <= 4.1.1 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Buddy Extension <= 4.0.1 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP WordPress SEO Extension <= 4.0.1 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP UpdraftPlus Extension <= 4.0.6 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Staging Extension <= 4.0.3 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Page Speed Extension <= 4.0.2 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP iThemes Security Extension <= 4.1.1 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Clone Extension <= 4.0.2 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Code Snippets Extension <= 4.0.2 Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability

+0 AXP

9.9

17.01.2023

Plugin

MainWP Code Snippets Extension <= 4.0.2 Subscriber+ Stored CrossSite Scripting Vulnerability

+0 AXP

6.5

17.01.2023

Plugin

MainWP Links Manager Extension <= 2.1 Unauthenticated PHP Object Injection Vulnerability

+0 AXP

8.1

17.01.2023

Plugin

MainWP Code Snippets Extension <= 4.0.2 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Comments Extension <= 4.0.6 Subscriber+ Arbitrary Comment Removal/Trash/Approval/Restoration Vulnerability

+0 AXP

6.5

17.01.2023

Plugin

MainWP File Uploader Extension <= 4.1 Subscriber+ Arbitrary File Deletion Vulnerability

+0 AXP

7.7

17.01.2023

Plugin

MainWP Rocket Extension <= 4.0.3 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP UpdraftPlus Extension <= 4.0.6 Unauthenticated Plugin Settings Change Vulnerability

+0 AXP

6.5

17.01.2023

Plugin

MainWP File Uploader Extension <= 4.1 Unauthenticated Arbitrary File Upload Vulnerability

+0 AXP

10.0

17.01.2023

Plugin

MainWP Google Analytics Extension <= 4.0.4 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Google Analytics Extension <= 4.0.4 Subscriber+ SQL Injection Vulnerability

+0 AXP

7.1

17.01.2023

Plugin

MainWP Maintenance Extension <= 4.1.1 Subscriber+ SQL Injection Vulnerability

+0 AXP

7.1

17.01.2023

Plugin

MainWP Maintenance Extension <= 4.1.1 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Matomo Extension <= 4.0.4 CSRF Leading To Plugin Settings Change Vulnerability

+0 AXP

4.3

17.01.2023

Plugin

MainWP Post Dripper Extension <= 4.0.4 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17.01.2023

Plugin

MainWP Post Plus Extension <= 4.0.3 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17.01.2023

Plugin

MainWP Rocket Extension <= 4.0.3 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Wordfence Extension <= 4.0.7 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

MainWP Wordfence Extension <= 4.0.7 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17.01.2023

Plugin

Wp Social <= 1.9.0 Auth. Sensitive Information Disclosure vulnerability

6.5

14.12.2022

Theme

Attorney <= 3 Unauth. Arbitrary Content Deletion vulnerability

+0 AXP

6.5

01.12.2022

Plugin

ARMember Premium <= 5.5.1 Unauth. Privilege Escalation vulnerability

+0 AXP

9.8

01.12.2022

Plugin

Wholesale Suite <= 2.1.5 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

28.11.2022

Plugin

Smart Slider 3 <= 3.5.1.9 Auth. PHP Object Injection vulnerability

4.3

23.11.2022

Plugin

Image Map Pro <= 5.5.0 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

23.11.2022

Plugin

Image Map Pro <= 5.5.0 CrossSite Request Forgery (CSRF) leading to Stored CrossSite Scripting (XSS)

6.1

23.11.2022

Plugin

ShareThis Dashboard for Google Analytics <= 3.1.4 Broken Access Control vulnerability

+0 AXP

5.4

23.11.2022

Plugin

YITH WooCommerce Gift Cards Premium <= 3.19.0 Unauth. Arbitrary File Upload vulnerability

9.8

22.11.2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

6.3

21.11.2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

4.3

21.11.2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

5.4

21.11.2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

5.4

21.11.2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

4.3

21.11.2022

Theme

Betheme <= 26.6.1 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

21.11.2022

Theme

Betheme <= 26.5.1.4 Auth. PHP Object Injection vulnerability

6.3

17.11.2022

Plugin

Multilingual CMS <= 4.5.13 CrossSite Request Forgery (CSRF) vulnerability

4.3

09.11.2022

Plugin

Multilingual CMS <= 4.5.13 CrossSite Request Forgery (CSRF) vulnerability

5.4

09.11.2022

Plugin

Multilingual CMS <= 4.5.10 Broken Access Control vulnerability

4.3

09.11.2022

Plugin

Multilingual CMS <= 4.5.10 Broken Access Control vulnerability

5.4

09.11.2022

Plugin

WatchTowerHQ <= 3.6.15 Unauth. Arbitrary File Deletion vulnerability

9.1

01.11.2022

Plugin

WatchTowerHQ <= 3.6.15 Unauth. Arbitrary File Download vulnerability

7.5

01.11.2022

Theme

Soledad <= 8.2.5 Broken Access Control vulnerability

5.4

01.11.2022

Theme

Soledad <= 8.2.5 Auth. CrossSite Scripting (XSS) vulnerability

5.4

30.10.2022

Plugin

Api2Cart Bridge Connector <= 1.1.0 Arbitrary File Upload vulnerability

9.8

28.10.2022

Plugin

Api2Cart Bridge Connector <= 1.1.0 Arbitrary Code Execution vulnerability

10.0

28.10.2022

Plugin

SearchWP <= 4.2.5 Broken Authentication vulnerability

5.4

24.10.2022

Theme

Avada <= 7.8.1 CrossSite Request Forgery (CSRF) vulnerability

8.8

20.10.2022

Plugin

Shortcodes Ultimate <= 5.12.0 CSRF vulnerability leading to Stored XSS

6.1

13.10.2022

Plugin

ALD - AliExpress Dropshipping and Fulfillment for WooCommerce <= 1.1.0 Sensitive Data Exposure vulnerability

+0 AXP

7.5

12.10.2022

Plugin

Shortcodes Ultimate <= 5.12.0 CrossSite Request Forgery (CSRF) vulnerability

5.4

02.10.2022

Plugin

Beaver Builder <= 2.5.4.3 Broken Access Control vulnerability

5.4

20.07.2022

Plugin

Breeze <= 2.0.2 Plugin Settings Change leading to CrossSite Scripting (XSS) vulnerability

6.5

02.05.2022

Plugin

Responsive Menu <= 4.1.7 Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

8.3

16.03.2022

Plugin

Rearrange Woocommerce Products <= 4.0.2 SQL Injection (SQLi) vulnerability

6.6

15.03.2022

Plugin

Perfect Brands for WooCommerce <= 2.0.4 Set Featured Brand vulnerability

4.3

28.01.2022

Plugin

Perfect Brands for WooCommerce <= 2.0.4 Server Information Exposure vulnerability

4.3

28.01.2022

Plugin

Hide My WP <= 6.2.3 Unauthenticated SQL injection (SQLi) vulnerability

8.6

24.11.2021

Plugin

Hide My WP <= 6.2.3 Unauthenticated Plugin Deactivation vulnerability

6.5

24.11.2021

Plugin

WP Reset <= 5.98 Authenticated Database Reset vulnerability

8.8

10.11.2021

Plugin

WP Reset <= 5.98 CrossSite Request Forgery (CSRF) vulnerability leading to Database Reset

8.8

10.11.2021

Plugin

Popup Builder <= 3.71 Authenticated Local File Inclusion (LFI) vulnerability

28.01.2021

Plugin

Popup Builder <= 3.71 Authenticated Deleting/Importing Subscribers vulnerability

28.01.2021

Plugin

Popup Builder <= 3.71 Authenticated Newsletter Send With Custom Content And Sender vulnerability

28.01.2021

Plugin

ThemeGrill Demo Importer <= 1.6.2 Bypass and Database Wipe vulnerability

9.1

08.12.2020

Plugin

Discount Rules for WooCommerce <= 2.0.2 Multiple (XSS, SQLi) Vulnerabilities

20.08.2020

Plugin

MailerLite – Signup forms <= 1.4.3 Unauthenticated SQL Injection (SQLi) vulnerability

9.3

25.05.2020

Plugin

MailerLite – Signup forms <= 1.4.4 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

25.05.2020

Plugin

WPvivid Backup and Migration <= 0.9.35 Missing Authorization vulnerability leading to Database Leak

6.5

28.02.2020

Plugin

wpCentral <= 1.4.7 Privilege escalation vulnerability

24.01.2020

Plugin

InfiniteWP Client <= 1.9.4.4 Authentication Bypass vulnerability

08.01.2020

Plugin

Backup and Staging by WP Time Capsule <= 1.21.15 Authentication Bypass vulnerability

08.01.2020

Plugin

Theme Editor <= 2.1 Multiple vulnerabilities

30.09.2019

Plugin

File Manager <= 4.8 Multiple Vulnerabilities

10.07.2019

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close