🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

308

All Time Discoveries

Showing 101-120 of 308 Vulnerabilities

SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery

4.3

CVE-2023-22709

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-31925

Apr 10, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-31089

Mar 29, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Stock Locations for WooCommerce <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings

4.4

CVE-2024-22153

Jan 16, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-51548

Dec 9, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-49770

Dec 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-47245

Nov 7, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Password Protected <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-32580

Jun 13, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

4.4

CVE-2023-32578

May 12, 2023

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting

4.4

CVE-2022-47607

Feb 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2022-47610

Jan 27, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

4.4

CVE-2023-23793

Mar 20, 2020

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection

4.8

CVE-2022-46802

Dec 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting

4.8

CVE-2022-0969

Mar 21, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

E2Pdf <= 1.16.44 - Stored Cross-Site Scripting

4.8

CVE-2022-0535

Feb 9, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Shop Page WP <= 1.2.7 - Authenticated Cross-Site Scripting

4.8

CVE-2021-24811

Nov 1, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.60 - Cross-Site Scripting

4.8

CVE-2021-24856

Oct 18, 2021

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal

4.9

CVE-2023-23872

Feb 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Simple CSV/XLS Exporter <= 1.5.8 - CSV Injection

5.1

CVE-2022-42882

Mar 2, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L

RomethemeKit For Elementor <= 1.4.1 - Missing Authorization

5.3

CVE-2024-33919

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
SRS Simple Hits Counter <= 1.1.0 - Cross-Site Request Forgery	CVE-2023-22709	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 19, 2023
F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-31925	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
Platinum SEO <= 2.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-31089	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 29, 2024
Stock Locations for WooCommerce <= 2.5.9 - Authenticated (Administrator+) Stored Cross-Site Scripting via settings	CVE-2024-22153	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 16, 2024
SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-51548	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 9, 2023
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-49770	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 5, 2023
ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-47245	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 7, 2023
Password Protected <= 2.6.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-32580	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	June 13, 2023
Column-Matic <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-32578	4.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N	May 12, 2023
Usersnap <= 4.16 - Authenticated (Admin+) Stored Cross Site Scripting	CVE-2022-47607	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	February 2, 2023
Simple Image Popup <= 1.3.6 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2022-47610	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
Read More Without Refresh <= 3.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-23793	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	March 20, 2020
Product Reviews Import Export for WooCommerce <= 1.4.8 - CSV Injection	CVE-2022-46802	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	December 9, 2022
Image optimization & Lazy Load <= 3.3.1 - Admin+ Stored Cross-Site Scripting	CVE-2022-0969	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	March 21, 2022
E2Pdf <= 1.16.44 - Stored Cross-Site Scripting	CVE-2022-0535	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	February 9, 2022
Shop Page WP <= 1.2.7 - Authenticated Cross-Site Scripting	CVE-2021-24811	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	November 1, 2021
Shared Files – Easy Download Manager and File Sharing Plugin with Frontend File Upload <= 1.6.60 - Cross-Site Scripting	CVE-2021-24856	4.8	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N	October 18, 2021
GMAce <= 1.5.2 - Authenticated(Admin+) Directory Traversal	CVE-2023-23872	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	February 23, 2023
Simple CSV/XLS Exporter <= 1.5.8 - CSV Injection	CVE-2022-42882	5.1	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L	March 2, 2023
RomethemeKit For Elementor <= 1.4.1 - Missing Authorization	CVE-2024-33919	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 29, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation