🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

305

All Time Discoveries

Showing 281-300 of 305 Vulnerabilities

Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-43480

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery

8.8

CVE-2022-44585

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-43462

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-42462

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation

8.8

CVE-2022-36404

Oct 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-41980

Oct 20, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple SEO <= 1.8.12 - Cross-Site Request Forgery

8.8

CVE-2022-44627

Oct 20, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Page View Count <= 2.5.5 - Cross-Site Request Forgery

8.8

CVE-2022-40131

Oct 13, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-36428

Oct 4, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection

5.4

CVE-2022-38061

Sep 22, 2022

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-3131

Sep 20, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-38068

Sep 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Goolytics – Simple Google Analytics <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-3132

Sep 6, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2022-3076

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-2799

Aug 16, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Opensea <= 1.0.2 - Cross-Site Scripting

5.5

CVE-2022-1228

Apr 10, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Social comments by WpDevArt <= 2.4.9 - Admin+ Stored Cross-Site Scripting

5.5

CVE-2022-0876

Apr 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting

4.8

CVE-2022-0969

Mar 21, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

BulletProof Security <= 5.7 - Admin+ Stored Cross-Site Scripting

5.5

CVE-2022-0590

Feb 22, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

E2Pdf <= 1.16.44 - Stored Cross-Site Scripting

4.8

CVE-2022-0535

Feb 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-43480	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 1, 2022
Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery	CVE-2022-44585	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 1, 2022
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection	CVE-2022-43462	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 24, 2022
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-42462	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 24, 2022
Simple SEO <= 1.8.12 - Cross-Site Request Forgery to Sitemap Deletion/Creation	CVE-2022-36404	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 20, 2022
Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-41980	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 20, 2022
Simple SEO <= 1.8.12 - Cross-Site Request Forgery	CVE-2022-44627	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 20, 2022
Page View Count <= 2.5.5 - Cross-Site Request Forgery	CVE-2022-40131	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 13, 2022
Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-36428	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 4, 2022
Export Post Info <= 1.2.0 - Authenticated (Author+) CSV Injection	CVE-2022-38061	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N	September 22, 2022
Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection	CVE-2022-3131	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 20, 2022
Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-38068	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 7, 2022
Goolytics – Simple Google Analytics <= 1.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3132	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 6, 2022
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2022-3076	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 5, 2022
Affiliates Manager <= 2.9.13 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-2799	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	August 16, 2022
Opensea <= 1.0.2 - Cross-Site Scripting	CVE-2022-1228	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2022
Social comments by WpDevArt <= 2.4.9 - Admin+ Stored Cross-Site Scripting	CVE-2022-0876	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 9, 2022
Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting	CVE-2022-0969	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	March 21, 2022
BulletProof Security <= 5.7 - Admin+ Stored Cross-Site Scripting	CVE-2022-0590	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	February 22, 2022
E2Pdf <= 1.16.44 - Stored Cross-Site Scripting	CVE-2022-0535	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	February 9, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation