🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

297

All Time Discoveries

Showing 41-60 of 297 Vulnerabilities

Webflow Pages <= 1.0.8 - Missing Authorization

5.3

CVE-2023-49818

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery

4.3

CVE-2023-49769

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-49770

Dec 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure

5.3

CVE-2023-49762

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-49764

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip

5.3

CVE-2023-49741

Dec 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Importify <= 1.0.4 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2023-49194

Dec 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-49166

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby

6.6

CVE-2023-48764

Nov 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions

5.4

CVE-2023-41671

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Antispam Bee <= 2.11.3 - IP Address Spoofing via get_client_ip

5.3

CVE-2023-41134

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass

5.3

CVE-2023-48753

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-48742

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-48741

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Maspik – Spam blacklist <= 0.10.3 - Bypass

5.3

CVE-2023-48271

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Maspik – Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log

6.1

CVE-2023-48272

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings

5.3

CVE-2023-47832

Nov 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log

5.3

CVE-2023-40600

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery

4.3

CVE-2023-47765

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Maintenance <= 6.1.3 - IP Restriction Bypass

5.3

CVE-2023-47769

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Title	CVE ID	CVSS	Vector	Date
Webflow Pages <= 1.0.8 - Missing Authorization	CVE-2023-49818	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 5, 2023
Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery	CVE-2023-49769	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 5, 2023
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-49770	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 5, 2023
AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure	CVE-2023-49762	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 4, 2023
Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection	CVE-2023-49764	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip	CVE-2023-49741	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 1, 2023
Importify <= 1.0.4 - Unauthenticated Sensitive Information Exposure	CVE-2023-49194	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 1, 2023
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection	CVE-2023-49166	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 29, 2023
WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby	CVE-2023-48764	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	November 28, 2023
Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions	CVE-2023-41671	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	November 28, 2023
Antispam Bee <= 2.11.3 - IP Address Spoofing via get_client_ip	CVE-2023-41134	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 27, 2023
Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass	CVE-2023-48753	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 27, 2023
License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection	CVE-2023-48742	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 23, 2023
ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection	CVE-2023-48741	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 23, 2023
Maspik – Spam blacklist <= 0.10.3 - Bypass	CVE-2023-48271	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 21, 2023
Maspik – Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log	CVE-2023-48272	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 21, 2023
SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings	CVE-2023-47832	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 16, 2023
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log	CVE-2023-40600	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 14, 2023
CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery	CVE-2023-47765	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 14, 2023
WP Maintenance <= 6.1.3 - IP Restriction Bypass	CVE-2023-47769	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 14, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation