🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

297

All Time Discoveries

Showing 241-260 of 297 Vulnerabilities

4.3

CVE-2023-26011

Feb 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Minify HTML <= 2.1.7 - Cross-Site Request Forgery in minify_html_menu_options

4.3

CVE-2023-26014

Feb 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery

6.1

CVE-2023-23887

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Theme Tweaker <= 5.20 - Cross-Site Request Forgery

4.3

CVE-2023-23713

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WordPress Comments Import & Export <= 2.3.1 - CSV Injection

6.1

CVE-2022-45370

Feb 6, 2023

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Icegram Express <= 5.5.2 - Unauthenticated CSV Injection

6.5

CVE-2022-45810

Feb 6, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery

5.4

CVE-2023-23797

Feb 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Commenter Emails <= 2.6.1 - Unauthenticated CSV Injection

6.5

CVE-2022-45360

Feb 2, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection

5.8

CVE-2022-44738

Feb 2, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting

4.4

CVE-2022-47607

Feb 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

PHP Execution <= 1.0.0 - Cross Site Request Forgery

8.8

CVE-2023-23879

Feb 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Site Reviews <= 6.2.0 - Unauthenticated CSV Injection

6.5

CVE-2022-46801

Jan 27, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2022-47610

Jan 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection

7.2

CVE-2022-46803

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Admin Log <= 1.50 - Cross-Site Request Forgery

8.8

CVE-2023-23721

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Nice PayPal Button Lite <= 1.3.5 - Cross-Site Request Forgery

4.3

CVE-2023-22686

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Tabs Slides <= 2.0.3 - Cross-Site Request Forgery

4.3

CVE-2023-22688

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery

4.3

CVE-2023-22709

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-46867

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-47598

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Read More Excerpt Link <= 1.5 - Cross-Site Request Forgery	CVE-2023-26011	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 21, 2023
Minify HTML <= 2.1.7 - Cross-Site Request Forgery in minify_html_menu_options	CVE-2023-26014	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 21, 2023
Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery	CVE-2023-23887	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 20, 2023
Theme Tweaker <= 5.20 - Cross-Site Request Forgery	CVE-2023-23713	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 20, 2023
WordPress Comments Import & Export <= 2.3.1 - CSV Injection	CVE-2022-45370	6.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	February 6, 2023
Icegram Express <= 5.5.2 - Unauthenticated CSV Injection	CVE-2022-45810	6.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L	February 6, 2023
Auto YouTube Importer <= 1.0.3 - Cross-Site Request Forgery	CVE-2023-23797	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 3, 2023
Commenter Emails <= 2.6.1 - Unauthenticated CSV Injection	CVE-2022-45360	6.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L	February 2, 2023
Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection	CVE-2022-44738	5.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L	February 2, 2023
Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting	CVE-2022-47607	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2023
PHP Execution <= 1.0.0 - Cross Site Request Forgery	CVE-2023-23879	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 2, 2023
Site Reviews <= 6.2.0 - Unauthenticated CSV Injection	CVE-2022-46801	6.5	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L	January 27, 2023
Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-47610	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection	CVE-2022-46803	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
Admin Log <= 1.50 - Cross-Site Request Forgery	CVE-2023-23721	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 19, 2023
Nice PayPal Button Lite <= 1.3.5 - Cross-Site Request Forgery	CVE-2023-22686	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 19, 2023
WP Tabs Slides <= 2.0.3 - Cross-Site Request Forgery	CVE-2023-22688	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 19, 2023
SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery	CVE-2023-22709	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 19, 2023
Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery	CVE-2022-46867	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2023
WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-47598	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 13, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation