Alliance bounty program
About Alliance Leaderboard Vulnerability database WordPress security
Login

Dave Jong (Patchstack)

0
0
0
0
Twitter Github Website
28 November, 2022
Dave Jong (Patchstack)
Alliance XP
697.75
Contributions
175
Contributions 175
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

Plugin

Ninja Popups <= 4.7.5 Unauth. Open Redirect vulnerability

+0 AXP

4.7

18 July, 2023

Theme

RealHomes <= 4.0.2 Broken Access Control vulnerability

+0 AXP

5.4

11 July, 2023

Theme

RealHomes <= 4.0.2 Broken Access Control vulnerability

+0 AXP

4.3

11 July, 2023

Theme

Consulting <= 6.5.6 Local File Inclusion

+14.6 AXP

7.3

5 July, 2023

Theme

WPLMS < 4.900 CrossSite Request Forgery (CSRF) vulnerability

+16.2 AXP

8.1

5 July, 2023

Plugin

Houzez CRM <= 1.3.4 SQL Injection

+29.7 AXP

9.9

28 June, 2023

Theme

The7 <= 11.7.3 CrossSite Request Forgery (CSRF)

+15.25 AXP

6.1

27 June, 2023

Theme

HashOne <= 1.3.0 Broken Access Control Vulnerability

+4.3 AXP

4.3

25 May, 2023

Theme

Viral <= 1.8.0 Broken Access Control vulnerability

+4.3 AXP

4.3

25 May, 2023

Theme

Viral News <= 1.4.5 Broken Access Control

+4.3 AXP

4.3

25 May, 2023

Theme

MetroStore <= 1.3.2 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

BuzzStore <= 1.3.6 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

SparkleStore <= 1.5.9 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

Medical Heed <= 1.1.4 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

Kingcabs <= 1.1.5 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

Craft Blog <= 1.0.7 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

Fitness Park <= 1.0.6 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

Online eStore <= 1.0.9 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

Kathmag <= 1.0.6 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

Appzend <= 1.2.1 Broken Access Control

+0 AXP

4.3

16 May, 2023

Theme

SpiderMag <= 1.1.7 Broken Access Control

+0 AXP

4.3

16 May, 2023

Plugin

Easing Slider <= 3.0.8 Plugin Settings Reset Vulnerability

+15 AXP

7.5

16 May, 2023

Theme

WoodMart <= 7.2.1 CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

11 May, 2023

Theme

WoodMart <= 7.2.1 Broken Access Control vulnerability

+0 AXP

5.4

11 May, 2023

Plugin

Woodmart Core <= 1.0.36 PHP Object Injection

+0 AXP

9.8

11 May, 2023

Plugin

Woodmart Core <= 1.0.36 Privilege Escalation

+0 AXP

9.8

11 May, 2023

Plugin

YITH WooCommerce Gift Cards Premium <= 3.23.1 Unauth. Gift Card Creation Leading to Stored XSS vulnerability

+13 AXP

6.5

10 May, 2023

Plugin

Points and Rewards for WooCommerce <= 1.5.0 Broken Access Control vulnerability

+13 AXP

6.5

5 May, 2023

Plugin

Points and Rewards for WooCommerce <= 1.5.0 Settings Change vulnerability

+5.4 AXP

5.4

5 May, 2023

Plugin

Community by PeepSo <= 6.0.9.0 Server Information Disclosure

+10.6 AXP

5.3

5 May, 2023

Theme

TheGem < 5.8.1.1 Broken Access Control vulnerability

+16.2 AXP

5.4

5 May, 2023

Theme

TheGem < 5.8.1.1 Broken Access Control vulnerability

+16.2 AXP

5.4

5 May, 2023

Theme

TheGem < 5.8.1.1 Auth. Stored CrossSite Scripting (XSS) vulnerability

+16.2 AXP

5.4

5 May, 2023

Theme

TheGem < 5.8.1.1 Auth. Stored CrossSite Scripting (XSS) Vulnerability

+16.2 AXP

5.4

5 May, 2023

Theme

Editorialmag <= 1.1.9 Authenticated Arbitrary Plugin Activation

+0 AXP

4.3

4 May, 2023

Plugin

CM Pop-Up banners <= 1.5.10 Up banners for WordPress plugin <= 1.5.10 SQL Injection vulnerability

+12.75 AXP

8.5

3 May, 2023

Theme

Educenter <= 1.5.1 Broken Access Control

+4.3 AXP

4.3

14 April, 2023

Theme

Square <= 2.0.0 Broken Access Control

+4.3 AXP

4.3

13 April, 2023

Theme

Blogger Buzz <= 1.2.1 Broken Access Control vulnerability

+0 AXP

4.3

13 April, 2023

Theme

Houzez < 2.8.3 Unauth. SQL Injection (SQLi) vulnerability

+49.2 AXP

8.2

6 April, 2023

Theme

Viral Mag <= 1.0.9 Authenticated Arbitrary Plugin Activation Vulnerability

+0 AXP

4.3

30 March, 2023

Plugin

HappyFiles Pro <= 1.8.1 Broken Access Control

+0 AXP

7.7

29 March, 2023

Plugin

HappyFiles Pro <= 1.8.1 Broken Access Control vulnerability

+0 AXP

5.4

29 March, 2023

Theme

Resoto <= 1.0.8 Broken Access Control to Arbitrary Plugin Activation

+0 AXP

4.3

22 March, 2023

Theme

Real Estate Directory <= 1.0.5 Authenticated Arbitrary Plugin Activation

+0 AXP

4.3

17 March, 2023

Theme

Chankhe <= 1.0.5 Authenticated Arbitrary Plugin Activation

+0 AXP

4.3

15 March, 2023

Theme

Mediciti Lite <= 1.3.0 Reflected Cross Site Scripting (XSS) vulnerability

+0 AXP

5.4

15 March, 2023

Theme

Brilliance <= 1.3.1 Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

5.4

13 March, 2023

Theme

Intrepidity <= 1.5.1 Cross Site Request Forgery (CSRF)

+0 AXP

8.8

13 March, 2023

Theme

Regina Lite <= 2.0.7 Reflected Cross Site Scripting (XSS)

+5.4 AXP

5.4

13 March, 2023

Plugin

Montonio for WooCommerce <= 6.0.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

8 March, 2023

Theme

Big Store <= 1.9.3 CrossSite Request Forgery (CSRF) vulnerability

+0 AXP

4.3

5 March, 2023

Plugin

Wpopal Core Features <= 1.5.8 Server Side Request Forgery (SSRF)

+16.4 AXP

8.2

3 March, 2023

Plugin

AMO for WP – Membership Management <= 4.6.6 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

WooVirtualWallet – A virtual wallet for WooCommerce <= 2.2.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

WooVIP – Membership plugin for WordPress and WooCommerce <= 1.4.4 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

WooSupply – Suppliers, Supply Orders and Stock Management <= 1.2.2 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

Theme Minifier <= 2.0 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

Styles <= 1.2.3 Server Side Request Forgery (SSRF)

+16.4 AXP

8.2

3 March, 2023

Plugin

WordPress Page Builder – Qards <= 1.0.5 Qards plugin <= 1.0.5 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

PHPFreeChat <= 0.2.8 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

Custom Login Admin Front-end CSS <= 1.4.1 end CSS plugin <= 1.4.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

CSS Adder By Agence-Press <= 1.5.0 Press plugin <= 1.5.0 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

Confirm Data <= 1.0.7 Unauth. ServerSide Request Forgery (SSRF) vulnerability

+0 AXP

8.2

3 March, 2023

Plugin

AMP Toolbox <= 2.1.1 Server Side Request Forgery (SSRF)

+0 AXP

8.2

3 March, 2023

Plugin

Admin CSS MU <= 2.6 ServerSide Request Forgery (SSRF) vulnerability

+16.4 AXP

8.2

3 March, 2023

Plugin

Types <= 3.4.17 Authenticated Arbitrary File Upload Vulnerability

+0 AXP

7.2

3 March, 2023

Theme

Total <= 2.1.19 Authenticated Arbitrary Plugin Activation

+12.9 AXP

4.3

1 March, 2023

Plugin

Wholesale Suite <= 2.1.5 Auth. Broken Access Control vulnerability

+5.4 AXP

5.4

27 February, 2023

Theme

Houzez <= 2.7.1 Privilege Escalation

+29.4 AXP

9.8

27 February, 2023

Plugin

Zendrop – Global Dropshipping <= 1.0.0 Arbitrary SQL Query Execution Vulnerability

+15 AXP

10.0

24 February, 2023

Plugin

Zendrop – Global Dropshipping <= 1.0.0 Arbitrary File Upload

+39.2 AXP

9.8

24 February, 2023

Plugin

Houzez Login Register <= 2.6.3 Privilege Escalation

+19.6 AXP

9.8

23 February, 2023

Plugin

WatchTowerHQ <= 3.6.16 Privilege Escalation

+0 AXP

9.8

14 February, 2023

Plugin

GamiPress <= 2.5.7 Unauthenticated SQL Injection vulnerability

+24.6 AXP

8.2

14 February, 2023

Plugin

GamiPress <= 2.5.6 CSRF Leading to Settings Change Vulnerability

+2.7 AXP

5.4

13 February, 2023

Plugin

GamiPress <= 2.5.6 Missing Authorization Leading to Points Manipulation Vulnerability

+5.4 AXP

5.4

13 February, 2023

Theme

ColorWay <= 4.2.3 CSRF Leading to Arbitrary Plugin Activation

+2.15 AXP

4.3

8 February, 2023

Theme

Magazine Edge <= 1.13 Authenticated Arbitrary Plugin Activation

+0 AXP

4.3

2 February, 2023

Plugin

Spectra <= 2.3.0 Contributor+ reCAPTCHA Settings Change Vulnerability

+32.4 AXP

5.4

23 January, 2023

Plugin

Spectra <= 2.3.0 Captcha Bypass Vulnerability

+31.8 AXP

5.3

23 January, 2023

Plugin

Spectra <= 2.3.0 Unauthenticated Email HTML Injection Vulnerability

+31.8 AXP

5.3

23 January, 2023

Plugin

Spectra <= 2.3.0 Unauthenticated Email Spoofing Vulnerability

+31.8 AXP

5.3

23 January, 2023

Theme

Corsa <= 1.5 Arbitrary File Upload

+0 AXP

8.8

23 January, 2023

Theme

Upfrontwp <= 1.1 Reflected CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

23 January, 2023

Plugin

MainWP Broken Links Checker Extension <= 4.0 Unauthenticated SQL Injection Vulnerability

+0 AXP

8.2

17 January, 2023

Plugin

MainWP Broken Links Checker Extension <= 4.0 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Boilerplate Extension <= 4.1 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Boilerplate Extension <= 4.1 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17 January, 2023

Plugin

MainWP Article Uploader Extension <= 4.0.2 Subscriber+ Arbitrary File Deletion Vulnerability

+0 AXP

7.7

17 January, 2023

Plugin

MainWP Article Uploader Extension <= 4.0.2 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17 January, 2023

Plugin

MainWP BlogVault Backup Extension <= 1.3 Subscriber+ Arbitrary Plugin Installation Vulnerability

+0 AXP

6.5

17 January, 2023

Plugin

MainWP Favorites Extension <= 4.0.10 Subscriber+ Arbitrary Plugin Installation Vulnerability

+0 AXP

6.5

17 January, 2023

Plugin

MainWP Favorites Extension <= 4.0.10 Subscriber+ Arbitrary File Deletion Vulnerability

+0 AXP

7.7

17 January, 2023

Plugin

MainWP White Label Extension <= 4.1.1 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Buddy Extension <= 4.0.1 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP WordPress SEO Extension <= 4.0.1 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP UpdraftPlus Extension <= 4.0.6 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Staging Extension <= 4.0.3 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Page Speed Extension <= 4.0.2 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP iThemes Security Extension <= 4.1.1 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Clone Extension <= 4.0.2 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Code Snippets Extension <= 4.0.2 Subscriber+ Arbitrary PHP Code Injection/Execution Vulnerability

+0 AXP

9.9

17 January, 2023

Plugin

MainWP Code Snippets Extension <= 4.0.2 Subscriber+ Stored CrossSite Scripting Vulnerability

+0 AXP

6.5

17 January, 2023

Plugin

MainWP Links Manager Extension <= 2.1 Unauthenticated PHP Object Injection Vulnerability

+0 AXP

8.1

17 January, 2023

Plugin

MainWP Code Snippets Extension <= 4.0.2 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Comments Extension <= 4.0.6 Subscriber+ Arbitrary Comment Removal/Trash/Approval/Restoration Vulnerability

+0 AXP

6.5

17 January, 2023

Plugin

MainWP File Uploader Extension <= 4.1 Subscriber+ Arbitrary File Deletion Vulnerability

+0 AXP

7.7

17 January, 2023

Plugin

MainWP Rocket Extension <= 4.0.3 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP UpdraftPlus Extension <= 4.0.6 Unauthenticated Plugin Settings Change Vulnerability

+0 AXP

6.5

17 January, 2023

Plugin

MainWP File Uploader Extension <= 4.1 Unauthenticated Arbitrary File Upload Vulnerability

+0 AXP

10.0

17 January, 2023

Plugin

MainWP Google Analytics Extension <= 4.0.4 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Google Analytics Extension <= 4.0.4 Subscriber+ SQL Injection Vulnerability

+0 AXP

7.1

17 January, 2023

Plugin

MainWP Maintenance Extension <= 4.1.1 Subscriber+ SQL Injection Vulnerability

+0 AXP

8.5

17 January, 2023

Plugin

MainWP Maintenance Extension <= 4.1.1 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Matomo Extension <= 4.0.4 CSRF Leading To Plugin Settings Change Vulnerability

+0 AXP

4.3

17 January, 2023

Plugin

MainWP Post Dripper Extension <= 4.0.4 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17 January, 2023

Plugin

MainWP Post Plus Extension <= 4.0.3 Subscriber+ Post/Page Deletion Vulnerability

+0 AXP

7.1

17 January, 2023

Plugin

MainWP Rocket Extension <= 4.0.3 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Wordfence Extension <= 4.0.7 Subscriber+ Plugin Settings Change Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

MainWP Wordfence Extension <= 4.0.7 Subscriber+ Arbitrary Plugin Activation Vulnerability

+0 AXP

5.4

17 January, 2023

Plugin

Wp Social <= 1.9.0 Auth. Sensitive Information Disclosure vulnerability

6.5

14 December, 2022

Theme

Attorney <= 3 Unauth. Arbitrary Content Deletion vulnerability

+0 AXP

6.5

1 December, 2022

Plugin

ARMember Premium <= 5.5.1 Unauth. Privilege Escalation vulnerability

+0 AXP

9.8

1 December, 2022

Plugin

Wholesale Suite <= 2.1.5 Auth. Stored CrossSite Scripting (XSS) vulnerability

+0 AXP

6.5

28 November, 2022

Plugin

Smart Slider 3 <= 3.5.1.9 Auth. PHP Object Injection vulnerability

4.3

23 November, 2022

Plugin

Image Map Pro < 5.6.9 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

+0 AXP

5.4

23 November, 2022

Plugin

Image Map Pro < 5.6.9 CrossSite Request Forgery (CSRF) leading to Stored CrossSite Scripting (XSS)

+0 AXP

6.1

23 November, 2022

Plugin

ShareThis Dashboard for Google Analytics <= 3.1.4 Broken Access Control vulnerability

+0 AXP

5.4

23 November, 2022

Plugin

YITH WooCommerce Gift Cards Premium <= 3.19.0 Unauth. Arbitrary File Upload vulnerability

9.8

22 November, 2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

6.3

21 November, 2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

4.3

21 November, 2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

5.4

21 November, 2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

5.4

21 November, 2022

Theme

Betheme <= 26.6.1 Broken Access Control vulnerability

4.3

21 November, 2022

Theme

Betheme <= 26.6.1 Auth. Stored CrossSite Scripting (XSS) vulnerability

5.4

21 November, 2022

Theme

Betheme <= 26.5.1.4 Auth. PHP Object Injection vulnerability

6.3

17 November, 2022

Plugin

Multilingual CMS <= 4.5.13 CrossSite Request Forgery (CSRF) vulnerability

4.3

9 November, 2022

Plugin

Multilingual CMS <= 4.5.13 CrossSite Request Forgery (CSRF) vulnerability

5.4

9 November, 2022

Plugin

Multilingual CMS <= 4.5.10 Broken Access Control vulnerability

4.3

9 November, 2022

Plugin

Multilingual CMS <= 4.5.10 Broken Access Control vulnerability

5.4

9 November, 2022

Plugin

WatchTowerHQ <= 3.6.15 Unauth. Arbitrary File Deletion vulnerability

9.1

1 November, 2022

Plugin

WatchTowerHQ <= 3.6.15 Unauth. Arbitrary File Download vulnerability

7.5

1 November, 2022

Theme

Soledad <= 8.2.5 Broken Access Control vulnerability

5.4

1 November, 2022

Theme

Soledad <= 8.2.5 Auth. CrossSite Scripting (XSS) vulnerability

5.4

30 October, 2022

Plugin

Api2Cart Bridge Connector <= 1.1.0 Arbitrary File Upload vulnerability

9.8

28 October, 2022

Plugin

Api2Cart Bridge Connector <= 1.1.0 Arbitrary Code Execution vulnerability

10.0

28 October, 2022

Plugin

SearchWP <= 4.2.5 Broken Authentication vulnerability

5.4

24 October, 2022

Theme

Avada <= 7.8.1 CrossSite Request Forgery (CSRF) vulnerability

8.8

20 October, 2022

Plugin

Shortcodes Ultimate <= 5.12.0 CSRF vulnerability leading to Stored XSS

6.1

13 October, 2022

Plugin

ALD - AliExpress Dropshipping and Fulfillment for WooCommerce <= 1.1.0 Sensitive Data Exposure vulnerability

+0 AXP

7.5

12 October, 2022

Plugin

Shortcodes Ultimate <= 5.12.0 CrossSite Request Forgery (CSRF) vulnerability

5.4

2 October, 2022

Plugin

Beaver Builder <= 2.5.4.3 Broken Access Control vulnerability

5.4

20 July, 2022

Plugin

Breeze <= 2.0.2 Plugin Settings Change leading to CrossSite Scripting (XSS) vulnerability

6.5

2 May, 2022

Plugin

Responsive Menu <= 4.1.7 Nonce token leak leading to arbitrary file upload, theme deletion, plugin settings change vulnerability

8.3

16 March, 2022

Plugin

Rearrange Woocommerce Products <= 4.0.2 SQL Injection (SQLi) vulnerability

6.6

15 March, 2022

Plugin

Perfect Brands for WooCommerce <= 2.0.4 Set Featured Brand vulnerability

4.3

28 January, 2022

Plugin

Perfect Brands for WooCommerce <= 2.0.4 Server Information Exposure vulnerability

4.3

28 January, 2022

Plugin

Hide My WP <= 6.2.3 Unauthenticated SQL injection (SQLi) vulnerability

8.6

24 November, 2021

Plugin

Hide My WP <= 6.2.3 Unauthenticated Plugin Deactivation vulnerability

6.5

24 November, 2021

Plugin

WP Reset <= 5.98 Authenticated Database Reset vulnerability

8.8

10 November, 2021

Plugin

WP Reset <= 5.98 CrossSite Request Forgery (CSRF) vulnerability leading to Database Reset

8.8

10 November, 2021

Plugin

Popup Builder <= 3.71 Authenticated Local File Inclusion (LFI) vulnerability

+0 AXP

8.8

28 January, 2021

Plugin

Popup Builder <= 3.71 Authenticated Deleting/Importing Subscribers vulnerability

+0 AXP

6.3

28 January, 2021

Plugin

Popup Builder <= 3.71 Authenticated Newsletter Send With Custom Content And Sender vulnerability

+0 AXP

5.3

28 January, 2021

Plugin

ThemeGrill Demo Importer <= 1.6.2 Bypass and Database Wipe vulnerability

9.1

8 December, 2020

Plugin

Discount Rules for WooCommerce <= 2.0.2 Multiple (XSS, SQLi) Vulnerabilities

+0 AXP

8.5

20 August, 2020

Plugin

MailerLite – Signup forms <= 1.4.3 Unauthenticated SQL Injection (SQLi) vulnerability

9.3

25 May, 2020

Plugin

MailerLite – Signup forms <= 1.4.4 Multiple CrossSite Request Forgery (CSRF) vulnerabilities

5.4

25 May, 2020

Plugin

WPvivid Backup and Migration <= 0.9.35 Missing Authorization vulnerability leading to Database Leak

6.5

28 February, 2020

Plugin

wpCentral <= 1.4.7 Privilege escalation vulnerability

+0 AXP

8.8

24 January, 2020

Plugin

InfiniteWP Client <= 1.9.4.4 Authentication Bypass vulnerability

+0 AXP

9.8

8 January, 2020

Plugin

Backup and Staging by WP Time Capsule <= 1.21.15 Authentication Bypass vulnerability

+0 AXP

9.8

8 January, 2020

Plugin

Theme Editor <= 2.1 Multiple vulnerabilities

30 September, 2019

Plugin

File Manager <= 4.8 Multiple Vulnerabilities

10 July, 2019

Back to top

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

DPA Privacy Policy Terms & Conditions © 2023 Patchstack

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugins NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022 NEW

Social

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close