🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

308

All Time Discoveries

Showing 281-300 of 308 Vulnerabilities

Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection

7.2

CVE-2022-46803

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-43462

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-3131

Sep 20, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2022-3076

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Woocommerce Support System <= 1.2.2 - Missing Authorization

7.3

CVE-2023-41686

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Checkout with Zelle on Woocommerce <= 3.1 - Missing Authorization

7.3

CVE-2023-37969

Jul 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection

7.4

CVE-2023-36527

Jun 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

WP Travel <= 7.7.0 - Missing Authorization via Multiple AJAX Actions

7.5

CVE-2023-47224

Nov 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Post Grid <= 2.2.50 - Missing Authorization to Sensitive Information Exposure via REST API

7.5

CVE-2023-40211

Aug 11, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest

7.6

CVE-2023-45828

Oct 13, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L

Export Users With Meta <= 0.6.8 - CSV Injection

8.0

CVE-2022-44577

Nov 17, 2022

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle

8.1

CVE-2023-46615

Oct 24, 2023

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client

8.1

CVE-2023-23861

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection

8.8

CVE-2024-31094

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVE-2023-44478

Sep 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

PHP Execution <= 1.0.0 - Cross Site Request Forgery

8.8

CVE-2023-23879

Feb 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Admin Log <= 1.50 - Cross-Site Request Forgery

8.8

CVE-2023-23721

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-46867

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Hover Image <= 1.4.1 - Cross-Site Request Forgery

8.8

CVE-2022-47611

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery

8.8

CVE-2022-41650

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection	CVE-2022-46803	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection	CVE-2022-43462	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 24, 2022
Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection	CVE-2022-3131	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 20, 2022
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2022-3076	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 5, 2022
Woocommerce Support System <= 1.2.2 - Missing Authorization	CVE-2023-41686	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	September 4, 2023
Checkout with Zelle on Woocommerce <= 3.1 - Missing Authorization	CVE-2023-37969	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	July 12, 2023
Post to CSV by BestWebSoft <= 1.4.0 - Authenticated (Author+) CSV Injection	CVE-2023-36527	7.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L	June 28, 2023
WP Travel <= 7.7.0 - Missing Authorization via Multiple AJAX Actions	CVE-2023-47224	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	November 3, 2023
Post Grid <= 2.2.50 - Missing Authorization to Sensitive Information Exposure via REST API	CVE-2023-40211	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	August 11, 2023
RumbleTalk Live Group Chat <= 6.1.9 - Missing Authorization via handleRequest	CVE-2023-45828	7.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L	October 13, 2023
Export Users With Meta <= 0.6.8 - CSV Injection	CVE-2022-44577	8.0	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H	November 17, 2022
KD Coming Soon <= 1.7 - Unauthenticated PHP Object Injection via cetitle	CVE-2023-46615	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	October 24, 2023
GMAce <= 1.5.2 - Cross-Site Request Forgery via gmace_manager_client	CVE-2023-23861	8.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H	February 23, 2023
Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection	CVE-2024-31094	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 29, 2024
Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2023-44478	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 28, 2023
PHP Execution <= 1.0.0 - Cross Site Request Forgery	CVE-2023-23879	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 2, 2023
Admin Log <= 1.50 - Cross-Site Request Forgery	CVE-2023-23721	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 19, 2023
Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery	CVE-2022-46867	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2023
Hover Image <= 1.4.1 - Cross-Site Request Forgery	CVE-2022-47611	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2023
Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery	CVE-2022-41650	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 5, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation