🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

305

All Time Discoveries

Showing 61-80 of 305 Vulnerabilities

License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-48742

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-48741

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Maspik – Spam blacklist <= 0.10.3 - Bypass

5.3

CVE-2023-48271

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Maspik – Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log

6.1

CVE-2023-48272

Nov 21, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings

5.3

CVE-2023-47832

Nov 16, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log

5.3

CVE-2023-40600

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery

4.3

CVE-2023-47765

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Maintenance <= 6.1.3 - IP Restriction Bypass

5.3

CVE-2023-47769

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Japanized For WooCommerce <= 2.6.4 - Missing Authorization

6.5

CVE-2023-47698

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Podlove Web Player <= 5.7.3 - Missing Authorization

6.5

CVE-2023-47691

Nov 9, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery

4.3

CVE-2023-47664

Nov 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Plainview Protect Passwords <= 1.4 - Reflected Cross-Site Scripting

6.1

CVE-2023-47665

Nov 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2023-47245

Nov 7, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Email Marketing for WooCommerce by Omnisend <= 1.13.8 - Sensitive Information Exposure

5.3

CVE-2023-47244

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization

5.3

CVE-2023-47241

Nov 7, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Download Top 25 Social Icons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

6.4

CVE-2023-47229

Nov 3, 2023

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Travel <= 7.7.0 - Missing Authorization via Multiple AJAX Actions

7.5

CVE-2023-47224

Nov 3, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Feather Login Page <= 1.1.3 - Cross-Site Request Forgery

4.3

CVE-2023-46777

Oct 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery

4.3

CVE-2023-46638

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Product Recommendation Quiz for eCommerce <= 2.1.0 - Missing Authorization in prq_set_token

6.5

CVE-2023-46631

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Title	CVE ID	CVSS	Vector	Date
License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection	CVE-2023-48742	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 23, 2023
ChatBot <= 4.7.8 - Authenticated (Administrator+) SQL Injection	CVE-2023-48741	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 23, 2023
Maspik – Spam blacklist <= 0.10.3 - Bypass	CVE-2023-48271	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	November 21, 2023
Maspik – Spam blacklist <= 0.9.2 - Unauthenticated Stored Cross-Site Scripting via efas_add_to_log	CVE-2023-48272	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 21, 2023
SearchIQ <= 4.4 - Missing Authorization via getSIQPluginSettings	CVE-2023-47832	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 16, 2023
EWWW Image Optimizer <= 7.2.0 - Unauthenticated Sensitive Information Exposure via Debug Log	CVE-2023-40600	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 14, 2023
CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery	CVE-2023-47765	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 14, 2023
WP Maintenance <= 6.1.3 - IP Restriction Bypass	CVE-2023-47769	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 14, 2023
Japanized For WooCommerce <= 2.6.4 - Missing Authorization	CVE-2023-47698	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	November 9, 2023
Podlove Web Player <= 5.7.3 - Missing Authorization	CVE-2023-47691	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	November 9, 2023
Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery	CVE-2023-47664	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 8, 2023
Plainview Protect Passwords <= 1.4 - Reflected Cross-Site Scripting	CVE-2023-47665	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 8, 2023
ANAC XML Viewer <= 1.7 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2023-47245	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	November 7, 2023
Email Marketing for WooCommerce by Omnisend <= 1.13.8 - Sensitive Information Exposure	CVE-2023-47244	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 7, 2023
CoCart – Headless ecommerce <= 3.11.2 - Missing Authorization	CVE-2023-47241	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	November 7, 2023
Download Top 25 Social Icons <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-47229	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 3, 2023
WP Travel <= 7.7.0 - Missing Authorization via Multiple AJAX Actions	CVE-2023-47224	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	November 3, 2023
Feather Login Page <= 1.1.3 - Cross-Site Request Forgery	CVE-2023-46777	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 26, 2023
WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery	CVE-2023-46638	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 25, 2023
Product Recommendation Quiz for eCommerce <= 2.1.0 - Missing Authorization in prq_set_token	CVE-2023-46631	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L	October 25, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation