🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

308

All Time Discoveries

Showing 1-20 of 308 Vulnerabilities

RomethemeKit For Elementor <= 1.4.1 - Missing Authorization

5.3

CVE-2024-33919

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

JW Player for WordPress <= 2.3.3 - Missing Authorization

5.3

CVE-2024-33931

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WTI Like Post <= 1.4.6 - IP Spoofing

5.3

CVE-2024-33917

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Social Share Icons & Social Share Buttons <= 3.6.2 - Missing Authorization to Notice Dismissal

5.3

CVE-2024-32820

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP GDPR Compliance <= 2.0.23 - Cross-Site Request Forgery

4.3

CVE-2024-33682

Apr 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

SSU <= 1.5.0 - Missing Authorization

5.3

CVE-2024-33597

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Secure Copy Content Protection and Content Locking <= 3.9.0 - Missing Authorization

5.3

CVE-2024-33587

Apr 25, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Easy Property Listings <= 3.5.3 - Missing Authorization via epl_update_listing_coordinates()

5.3

CVE-2024-32799

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AppPresser <= 4.3.0 - Missing Authorization

5.3

CVE-2024-32776

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

VK Block Patterns <= 1.31.0 - Missing Authorization

5.3

CVE-2024-32826

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP Club Manager <= 2.2.11 - Missing Authorization

5.3

CVE-2024-32719

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization

4.3

CVE-2024-32081

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Compress – Image Optimizer [All-In-One] <= 6.10.35 - Cross-Site Request Forgery

4.3

CVE-2024-32106

Apr 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AppPresser <= 4.3.0 - Cross-Site Request Forgery via force_logging_off()

4.3

CVE-2024-31374

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization

4.3

CVE-2024-31423

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Link Whisper Free <= 0.6.9

4.3

CVE-2024-31934

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2024-31925

Apr 10, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization

5.3

CVE-2024-31352

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EmbedPress <= 3.9.11 - Missing Authorization

5.3

CVE-2024-31274

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ShortPixel Adaptive Images <= 3.8.2 - Missing Authorization in activate_ai_handler and deactivate_ai_handler

5.3

CVE-2024-31230

Apr 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
RomethemeKit For Elementor <= 1.4.1 - Missing Authorization	CVE-2024-33919	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 29, 2024
JW Player for WordPress <= 2.3.3 - Missing Authorization	CVE-2024-33931	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 29, 2024
WTI Like Post <= 1.4.6 - IP Spoofing	CVE-2024-33917	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 29, 2024
Social Share Icons & Social Share Buttons <= 3.6.2 - Missing Authorization to Notice Dismissal	CVE-2024-32820	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 29, 2024
WP GDPR Compliance <= 2.0.23 - Cross-Site Request Forgery	CVE-2024-33682	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 26, 2024
SSU <= 1.5.0 - Missing Authorization	CVE-2024-33597	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 25, 2024
Secure Copy Content Protection and Content Locking <= 3.9.0 - Missing Authorization	CVE-2024-33587	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 25, 2024
Easy Property Listings <= 3.5.3 - Missing Authorization via epl_update_listing_coordinates()	CVE-2024-32799	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 22, 2024
AppPresser <= 4.3.0 - Missing Authorization	CVE-2024-32776	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 22, 2024
VK Block Patterns <= 1.31.0 - Missing Authorization	CVE-2024-32826	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 22, 2024
WP Club Manager <= 2.2.11 - Missing Authorization	CVE-2024-32719	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 22, 2024
Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization	CVE-2024-32081	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 11, 2024
WP Compress – Image Optimizer [All-In-One] <= 6.10.35 - Cross-Site Request Forgery	CVE-2024-32106	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 11, 2024
AppPresser <= 4.3.0 - Cross-Site Request Forgery via force_logging_off()	CVE-2024-31374	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
WP Accessibility Helper (WAH) <= 0.6.2.5 - Missing Authorization	CVE-2024-31423	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 10, 2024
Link Whisper Free <= 0.6.9	CVE-2024-31934	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
F4 Improvements <= 1.8.0 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2024-31925	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	April 10, 2024
Email Subscribers & Newsletters <= 5.7.13 - Missing Authorization	CVE-2024-31352	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 5, 2024
EmbedPress <= 3.9.11 - Missing Authorization	CVE-2024-31274	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 5, 2024
ShortPixel Adaptive Images <= 3.8.2 - Missing Authorization in activate_ai_handler and deactivate_ai_handler	CVE-2024-31230	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 2, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation