🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

308

All Time Discoveries

Showing 221-240 of 308 Vulnerabilities

Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery

4.3

CVE-2023-49769

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery

4.3

CVE-2023-47765

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery

4.3

CVE-2023-47664

Nov 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Feather Login Page <= 1.1.3 - Cross-Site Request Forgery

4.3

CVE-2023-46777

Oct 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery

4.3

CVE-2023-46638

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Novo-Map : your WP posts on custom google maps <= 1.1.2 - Cross-Site Request Forgery

4.3

CVE-2023-46190

Oct 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Comments Ratings <= 1.1.7 - Cross-Site Request Forgery

4.3

CVE-2023-45654

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Lazy Load for Videos <= 2.18.2 - Cross-Site Request Forgery

4.3

CVE-2023-45656

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

PixFields <= 0.7.0 - Cross-Site Request Forgery

4.3

CVE-2023-45655

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Post Gallery <= 2.3.12 - Cross-Site Request Forgery

4.3

CVE-2023-45752

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Video Playlist For YouTube <= 6.1 - Cross-Site Request Forgery

4.3

CVE-2023-45653

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

HTML5 Maps <= 1.7.1.4 - Cross-Site Request Forgery

4.3

CVE-2023-45650

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

IRivYou <= 2.2.1 - Cross-Site Request Forgery via saveOptionsReviewsPlugin

4.3

CVE-2023-45267

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Blog Manager Light <= 1.20 - Cross-Site Request Forgery via bml_settings

4.3

CVE-2023-45102

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

GoodBarber <= 1.0.23 - Cross-Site Request Forgery via admin_options

4.3

CVE-2023-45107

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Hitsteps Web Analytics <= 5.86 - Cross-Site Request Forgery via hst_optionpage

4.3

CVE-2023-45268

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Mailrelay <= 2.1.1 - Cross-Site Request Forgery via render_admin_page

4.3

CVE-2023-45108

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Permalinks Customizer <= 2.8.2 - Cross-Site Request Forgery via post_settings

4.3

CVE-2023-45103

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SendPulse Free Web Push <= 1.3.1 - Cross-Site Request Forgery via sendpulse_config

4.3

CVE-2023-45274

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Stout Google Calendar <= 1.2.3 - Cross-Site Request Forgery via sgc_plugin_options

4.3

CVE-2023-45273

Oct 6, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery	CVE-2023-49769	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 5, 2023
CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery	CVE-2023-47765	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 14, 2023
Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery	CVE-2023-47664	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 8, 2023
Feather Login Page <= 1.1.3 - Cross-Site Request Forgery	CVE-2023-46777	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 26, 2023
WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery	CVE-2023-46638	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 25, 2023
Novo-Map : your WP posts on custom google maps <= 1.1.2 - Cross-Site Request Forgery	CVE-2023-46190	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 18, 2023
Comments Ratings <= 1.1.7 - Cross-Site Request Forgery	CVE-2023-45654	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Lazy Load for Videos <= 2.18.2 - Cross-Site Request Forgery	CVE-2023-45656	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
PixFields <= 0.7.0 - Cross-Site Request Forgery	CVE-2023-45655	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Post Gallery <= 2.3.12 - Cross-Site Request Forgery	CVE-2023-45752	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Video Playlist For YouTube <= 6.1 - Cross-Site Request Forgery	CVE-2023-45653	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
HTML5 Maps <= 1.7.1.4 - Cross-Site Request Forgery	CVE-2023-45650	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
IRivYou <= 2.2.1 - Cross-Site Request Forgery via saveOptionsReviewsPlugin	CVE-2023-45267	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
Blog Manager Light <= 1.20 - Cross-Site Request Forgery via bml_settings	CVE-2023-45102	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
GoodBarber <= 1.0.23 - Cross-Site Request Forgery via admin_options	CVE-2023-45107	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
Hitsteps Web Analytics <= 5.86 - Cross-Site Request Forgery via hst_optionpage	CVE-2023-45268	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
Mailrelay <= 2.1.1 - Cross-Site Request Forgery via render_admin_page	CVE-2023-45108	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
Permalinks Customizer <= 2.8.2 - Cross-Site Request Forgery via post_settings	CVE-2023-45103	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
SendPulse Free Web Push <= 1.3.1 - Cross-Site Request Forgery via sendpulse_config	CVE-2023-45274	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023
Stout Google Calendar <= 1.2.3 - Cross-Site Request Forgery via sgc_plugin_options	CVE-2023-45273	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 6, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation