🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

297

All Time Discoveries

Showing 261-280 of 297 Vulnerabilities

No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-22680

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Hover Image <= 1.4.1 - Cross-Site Request Forgery

8.8

CVE-2022-47611

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-22679

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

DNUI <= 2.8.1 - Cross-Site Request Forgery leading to Unused Image Deletion and Database Image Access

5.4

CVE-2022-47609

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

WP Pipes <= 1.33 - Authenticated (Admin+) SQL Injection

9.8

CVE-2022-45355

Dec 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection

4.8

CVE-2022-46802

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery

8.8

CVE-2022-41650

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection

6.0

CVE-2022-41616

Nov 30, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Export Users With Meta <= 0.6.8 - CSV Injection

8.0

CVE-2022-44577

Nov 17, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting

5.5

CVE-2022-40694

Nov 17, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection

6.3

CVE-2022-41791

Nov 17, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection

5.9

CVE-2022-45078

Nov 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-43480

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery

8.8

CVE-2022-44585

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-43462

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-42462

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation

8.8

CVE-2022-36404

Oct 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-41980

Oct 20, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple SEO <= 1.8.12 - Cross-Site Request Forgery

8.8

CVE-2022-44627

Oct 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Page View Count <= 2.5.5 - Cross-Site Request Forgery

8.8

CVE-2022-40131

Oct 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-22680	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 13, 2023
Hover Image <= 1.4.1 - Cross-Site Request Forgery	CVE-2022-47611	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2023
WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-22679	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 13, 2023
DNUI <= 2.8.1 - Cross-Site Request Forgery leading to Unused Image Deletion and Database Image Access	CVE-2022-47609	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L	January 13, 2023
WP Pipes <= 1.33 - Authenticated (Admin+) SQL Injection	CVE-2022-45355	9.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H	December 20, 2022
Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection	CVE-2022-46802	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	December 9, 2022
Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery	CVE-2022-41650	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 5, 2022
Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection	CVE-2022-41616	6.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L	November 30, 2022
Export Users With Meta <= 0.6.8 - CSV Injection	CVE-2022-44577	8.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H	November 17, 2022
News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting	CVE-2022-40694	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 17, 2022
ProfileGrid <= 5.1.7 - Authenticated (Subscriber+) CSV Injection	CVE-2022-41791	6.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L	November 17, 2022
User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection	CVE-2022-45078	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L	November 9, 2022
Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-43480	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 1, 2022
Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery	CVE-2022-44585	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 1, 2022
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection	CVE-2022-43462	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 24, 2022
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-42462	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 24, 2022
Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation	CVE-2022-36404	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 20, 2022
Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-41980	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 20, 2022
Simple SEO <= 1.8.12 - Cross-Site Request Forgery	CVE-2022-44627	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 20, 2022
Page View Count <= 2.5.5 - Cross-Site Request Forgery	CVE-2022-40131	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 13, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation