🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

308

All Time Discoveries

Showing 181-200 of 308 Vulnerabilities

Stop Referrer Spam <= 1.3.0 - Cross-Site Request Forgery via processParameters

5.4

CVE-2023-33207

May 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure

5.4

CVE-2023-32798

May 16, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

WP Custom Cursors < 3.2 - Cross-Site Request Forgery

4.3

CVE-2023-32739

May 15, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP All Backup <= 2.4.3 - Cross-Site Request Forgery to Backup Storage Modification

5.4

CVE-2023-32583

May 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Post State Tags <= 2.0.6 - Cross-Site Request Forgery to Settings Reset

5.4

CVE-2023-32588

May 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Hyphenator <= 5.1.5 - Cross-Site Request Forgery to Settings Update

5.4

CVE-2023-32594

May 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

4.4

CVE-2023-32578

May 12, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery

4.3

CVE-2023-32514

May 10, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-32128

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Library Viewer <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-32102

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Library Viewer <= 2.0.6 - Open Redirect via 'redirect_to'

5.4

CVE-2023-32101

May 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Emails & Newsletters with Jackmail <= 1.2.22 - Authenticated (Subscriber+) CSV Injecton

6.0

CVE-2022-46821

Apr 28, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions

7.1

CVE-2023-27424

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Video XML Sitemap Generator <= 1.0.0 - Cross-Site Request Forgery via video_sitemap_generate

4.3

CVE-2023-31089

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Chronosly Events Calendar <= 2.6.2 - Cross-Site Request Forgery via plugin_settings_page

4.3

CVE-2023-31093

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode

6.4

CVE-2023-31079

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Simple Giveaways <= 2.46 - Cross-Site Request Forgery

5.4

CVE-2023-31086

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Album Gallery – WordPress Gallery <= 1.4.9 - Cross-Site Request Forgery via album-gallery-column-settings.php

4.3

CVE-2023-23646

Apr 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Kaya QR Code Generator <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via qrCode attribute

6.4

CVE-2023-30784

Apr 18, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

PowerPress <= 10.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

5.4

CVE-2023-30778

Apr 17, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Stop Referrer Spam <= 1.3.0 - Cross-Site Request Forgery via processParameters	CVE-2023-33207	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 18, 2023
Simple Page Ordering <= 2.5.0 - Missing Authorization to Information Disclosure	CVE-2023-32798	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	May 16, 2023
WP Custom Cursors < 3.2 - Cross-Site Request Forgery	CVE-2023-32739	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 15, 2023
WP All Backup <= 2.4.3 - Cross-Site Request Forgery to Backup Storage Modification	CVE-2023-32583	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 12, 2023
Post State Tags <= 2.0.6 - Cross-Site Request Forgery to Settings Reset	CVE-2023-32588	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	May 12, 2023
Hyphenator <= 5.1.5 - Cross-Site Request Forgery to Settings Update	CVE-2023-32594	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	May 12, 2023
Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-32578	4.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N	May 12, 2023
Google Site Verification plugin using Meta Tag <= 1.2 - Cross-Site Request Forgery	CVE-2023-32514	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	May 10, 2023
Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection	CVE-2023-32128	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 5, 2023
Library Viewer <= 2.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-32102	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	May 3, 2023
Library Viewer <= 2.0.6 - Open Redirect via 'redirect_to'	CVE-2023-32101	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N	May 3, 2023
Emails & Newsletters with Jackmail <= 1.2.22 - Authenticated (Subscriber+) CSV Injecton	CVE-2022-46821	6.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L	April 28, 2023
Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions	CVE-2023-27424	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L	April 24, 2023
Video XML Sitemap Generator <= 1.0.0 - Cross-Site Request Forgery via video_sitemap_generate	CVE-2023-31089	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 24, 2023
Chronosly Events Calendar <= 2.6.2 - Cross-Site Request Forgery via plugin_settings_page	CVE-2023-31093	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 24, 2023
Tippy <= 6.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via tippy shortcode	CVE-2023-31079	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 24, 2023
Simple Giveaways <= 2.46 - Cross-Site Request Forgery	CVE-2023-31086	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	April 24, 2023
Album Gallery – WordPress Gallery <= 1.4.9 - Cross-Site Request Forgery via album-gallery-column-settings.php	CVE-2023-23646	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 19, 2023
Kaya QR Code Generator <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via qrCode attribute	CVE-2023-30784	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 18, 2023
PowerPress <= 10.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-30778	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	April 17, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation