🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

305

All Time Discoveries

Showing 81-100 of 305 Vulnerabilities

Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery

6.1

CVE-2023-23887

Feb 20, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WordPress Comments Import & Export <= 2.3.1 - CSV Injection

6.1

CVE-2022-45370

Feb 6, 2023

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Atahualpa <= 3.7.24 - Cross-Site Scripting via Cross-Site Request Forgery

6.1

CVE-2024-27948

Mar 1, 2017

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Emails & Newsletters with Jackmail <= 1.2.22 - Authenticated (Subscriber+) CSV Injecton

6.0

CVE-2022-46821

Apr 28, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection

6.0

CVE-2022-41616

Nov 30, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L

User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection

5.9

CVE-2022-45078

Nov 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

Export Users Data Distinct <= 1.3 - Authenticated (Subscriber+) CSV Injection

5.8

CVE-2022-46804

Mar 22, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

amr users <= 4.59.4 - Authenticated (Subscriber+) CSV Injection

5.8

CVE-2022-45348

Mar 22, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection

5.8

CVE-2022-44738

Feb 2, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L

BEAR <= 1.1.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options

5.5

CVE-2024-24834

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVE-2023-31219

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-22679

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2023-22680

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-47598

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting

5.5

CVE-2022-40694

Nov 17, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-43480

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-42462

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-41980

Oct 20, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting

5.5

CVE-2022-36428

Oct 4, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

5.5

CVE-2022-38068

Sep 7, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Easy Google Analytics for WordPress <= 1.6.0 - Cross-Site Request Forgery	CVE-2023-23887	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	February 20, 2023
WordPress Comments Import & Export <= 2.3.1 - CSV Injection	CVE-2022-45370	6.1	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L	February 6, 2023
Atahualpa <= 3.7.24 - Cross-Site Scripting via Cross-Site Request Forgery	CVE-2024-27948	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	March 1, 2017
Emails & Newsletters with Jackmail <= 1.2.22 - Authenticated (Subscriber+) CSV Injecton	CVE-2022-46821	6.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L	April 28, 2023
Export Users Data CSV <= 2.1 - Authenticated (Subscriber+) CSV Injection	CVE-2022-41616	6.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L	November 30, 2022
User Blocker <= 1.5.5 - Authenticated (Admin+) CSV Injection	CVE-2022-45078	5.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L	November 9, 2022
Export Users Data Distinct <= 1.3 - Authenticated (Subscriber+) CSV Injection	CVE-2022-46804	5.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L	March 22, 2023
amr users <= 4.59.4 - Authenticated (Subscriber+) CSV Injection	CVE-2022-45348	5.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L	March 22, 2023
Posts and Users Stats <= 1.1.3 - Authenticated (Subscriber+) CSV Injection	CVE-2022-44738	5.8	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L	February 2, 2023
BEAR <= 1.1.4 - Authenticated (Shop manager+) Stored Cross-Site Scripting via Plugin Options	CVE-2024-24834	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2024
Download Monitor <= 4.8.1 - Authenticated (Admin+) Server-Side Request Forgery	CVE-2023-31219	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	May 30, 2023
WP Better Emails <= 0.4 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-22679	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 13, 2023
No API Amazon Affiliate <= 4.2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-22680	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 13, 2023
WP Super Popup <= 1.1.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-47598	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 13, 2023
News Announcement Scroll <= 8.8.8 - Authenticated (Admininstrator+) Stored Cross-Site Scripting	CVE-2022-40694	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 17, 2022
Homepage Popup <= 1.2.5 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-43480	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	November 1, 2022
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-42462	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 24, 2022
Mantenimiento web <= 0.13 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-41980	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 20, 2022
Rock Convert <= 2.11.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-36428	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	October 4, 2022
Export Post Info <= 1.1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-38068	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 7, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation