🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

305

All Time Discoveries

Showing 41-60 of 305 Vulnerabilities

Send Users Email <= 1.4.3 - Sensitive Information Exposure via Error Logs

5.3

CVE-2023-52126

Dec 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Conversios.io <= 6.5.0 - Missing Authorization

5.3

CVE-2023-51357

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

MStore API <= 4.10.1 - Cross-Site Request Forgery

4.3

CVE-2023-50878

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Anti Hacker <= 4.34 - Cross-Site Request Forgery via antihacker_ajax_scan

4.3

CVE-2023-50858

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.3 - Cross-Site Request Forgery

4.3

CVE-2023-50861

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-50843

Dec 21, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting

4.4

CVE-2023-51548

Dec 9, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-49770

Dec 5, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting

6.1

CVE-2023-49771

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery

4.3

CVE-2023-49769

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Webflow Pages <= 1.0.8 - Missing Authorization

5.3

CVE-2023-49818

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure

5.3

CVE-2023-49762

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-49764

Dec 4, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip

5.3

CVE-2023-49741

Dec 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Importify <= 1.0.4 - Unauthenticated Sensitive Information Exposure

5.3

CVE-2023-49194

Dec 1, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-49166

Nov 29, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby

6.6

CVE-2023-48764

Nov 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions

5.4

CVE-2023-41671

Nov 28, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Antispam Bee <= 2.11.3 - IP Address Spoofing via get_client_ip

5.3

CVE-2023-41134

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass

5.3

CVE-2023-48753

Nov 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Send Users Email <= 1.4.3 - Sensitive Information Exposure via Error Logs	CVE-2023-52126	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 28, 2023
Conversios.io <= 6.5.0 - Missing Authorization	CVE-2023-51357	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 26, 2023
MStore API <= 4.10.1 - Cross-Site Request Forgery	CVE-2023-50878	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 26, 2023
Anti Hacker <= 4.34 - Cross-Site Request Forgery via antihacker_ajax_scan	CVE-2023-50858	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 22, 2023
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.3 - Cross-Site Request Forgery	CVE-2023-50861	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 22, 2023
Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection	CVE-2023-50843	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
SlickNav Mobile Menu <= 1.9.2 - Authenticated (Admin+) Stored Cross-Site Scripting	CVE-2023-51548	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 9, 2023
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-49770	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	December 5, 2023
Smart External Link Click Monitor [Link Log] <= 5.0.2 - Reflected Cross-Site Scripting	CVE-2023-49771	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 5, 2023
Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery	CVE-2023-49769	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 5, 2023
Webflow Pages <= 1.0.8 - Missing Authorization	CVE-2023-49818	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 5, 2023
AppMySite <= 3.11.0 - Unauthenticated Information Disclsoure	CVE-2023-49762	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 4, 2023
Advanced Database Cleaner <= 3.1.2 - Authenticated (Administrator+) SQL Injection	CVE-2023-49764	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 4, 2023
Coming soon and Maintenance mode <= 3.7.3 - IP Address Spoofing via get_real_ip	CVE-2023-49741	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 1, 2023
Importify <= 1.0.4 - Unauthenticated Sensitive Information Exposure	CVE-2023-49194	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 1, 2023
MSync <= 1.0.0 - Authenticated (Administrator+) SQL Injection	CVE-2023-49166	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 29, 2023
WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby	CVE-2023-48764	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	November 28, 2023
Abandoned Cart Lite for WooCommerce <= 5.16.1 - Missing Authorization via multiple AJAX functions	CVE-2023-41671	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	November 28, 2023
Antispam Bee <= 2.11.3 - IP Address Spoofing via get_client_ip	CVE-2023-41134	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 27, 2023
Restricted Site Access <= 7.4.1 - IP Spoofing to Protection Mechanism Bypass	CVE-2023-48753	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 27, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation