🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

297

All Time Discoveries

Showing 101-120 of 297 Vulnerabilities

Mailrelay <= 2.1.1 - Cross-Site Request Forgery via render_admin_page

4.3

CVE-2023-45108

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Permalinks Customizer <= 2.8.2 - Cross-Site Request Forgery via post_settings

4.3

CVE-2023-45103

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SendPulse Free Web Push <= 1.3.1 - Cross-Site Request Forgery via sendpulse_config

4.3

CVE-2023-45274

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Stout Google Calendar <= 1.2.3 - Cross-Site Request Forgery via sgc_plugin_options

4.3

CVE-2023-45273

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WhitePage <= 1.1.5 - Cross-Site Request Forgery via params_api_form.php

4.3

CVE-2023-45109

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Bing Map Pro <= 4.1.4 - Cross-Site Request Forgery via AJAX actions

4.3

CVE-2023-45052

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check

5.3

CVE-2023-44993

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery

4.3

CVE-2023-44995

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Category Meta <= 1.2.8 - Cross-Site Request Forgery

4.3

CVE-2023-44998

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Interactive World Map <= 3.2.0 - Cross-Site Request Forgery

4.3

CVE-2023-45060

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Short URL <= 1.6.8 - Cross-Site Request Forgery

4.3

CVE-2023-45058

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Gumroad <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2023-45059

Oct 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVE-2023-44478

Sep 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Easy WP Cleaner <= 1.9 - Cross-Site Request Forgery

5.4

CVE-2023-41697

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

BitPay Checkout for WooCommerce <= 4.1.0 - Missing Authorization

5.3

CVE-2023-41803

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AWP Classifieds <= 4.3 - Cross-Site Request Forgery

4.3

CVE-2023-41801

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP iCal Availability <= 1.0.3 - Cross-Site Request Forgery

4.3

CVE-2023-41853

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting

7.2

CVE-2023-41860

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Woocommerce Support System <= 1.2.1 - Missing Authorization

7.3

CVE-2023-41686

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'

7.2

CVE-2023-41685

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Mailrelay <= 2.1.1 - Cross-Site Request Forgery via render_admin_page	CVE-2023-45108	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
Permalinks Customizer <= 2.8.2 - Cross-Site Request Forgery via post_settings	CVE-2023-45103	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
SendPulse Free Web Push <= 1.3.1 - Cross-Site Request Forgery via sendpulse_config	CVE-2023-45274	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
Stout Google Calendar <= 1.2.3 - Cross-Site Request Forgery via sgc_plugin_options	CVE-2023-45273	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
WhitePage <= 1.1.5 - Cross-Site Request Forgery via params_api_form.php	CVE-2023-45109	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
WP Bing Map Pro <= 4.1.4 - Cross-Site Request Forgery via AJAX actions	CVE-2023-45052	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2023
ChatBot <= 4.7.8 - Cross-Site Request Forgery via qc_wp_latest_update_check	CVE-2023-44993	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	October 3, 2023
WooCommerce Login Redirect <= 2.2.4 - Cross-Site Request Forgery	CVE-2023-44995	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2023
Category Meta <= 1.2.8 - Cross-Site Request Forgery	CVE-2023-44998	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2023
Interactive World Map <= 3.2.0 - Cross-Site Request Forgery	CVE-2023-45060	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2023
Short URL <= 1.6.8 - Cross-Site Request Forgery	CVE-2023-45058	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 3, 2023
Gumroad <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-45059	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	October 3, 2023
Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2023-44478	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 28, 2023
Easy WP Cleaner <= 1.9 - Cross-Site Request Forgery	CVE-2023-41697	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	September 5, 2023
BitPay Checkout for WooCommerce <= 4.1.0 - Missing Authorization	CVE-2023-41803	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	September 5, 2023
AWP Classifieds <= 4.3 - Cross-Site Request Forgery	CVE-2023-41801	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
WP iCal Availability <= 1.0.3 - Cross-Site Request Forgery	CVE-2023-41853	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	September 5, 2023
Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting	CVE-2023-41860	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Woocommerce Support System <= 1.2.1 - Missing Authorization	CVE-2023-41686	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	September 4, 2023
Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'	CVE-2023-41685	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 4, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation