Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > johska

johska

All Time Ranking

All Time Discoveries

90 Day Published Submissions

1 Apr '25

Last Published Submission

4 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 75 Vulnerabilities

wp secure <= 1.2 - Reflected Cross-Site Scripting

6.1

CVE-2025-32490

Apr 10, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

FireDrum Email Marketing <= 1.64 - Reflected Cross-Site Scripting

6.1

CVE-2025-31018

Apr 10, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP-Planification <= 2.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-32484

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Language Field <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31382

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Script Compressor <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31391

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP SexyLightBox <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-32478

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP-Easy Menu <= 0.41 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-32477

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WS Audio Player <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31400

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Nino Social Connect <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-32481

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

NewsBoard Post and RSS Scroller <= 1.2.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31402

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

More Mime Type Filters <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31394

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

MMX – Make Me Christmas <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31401

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

FrescoChat Live Chat <= 3.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31383

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Flags Widget <= 1.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-32479

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Easy Custom CSS <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31395

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-32482

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Comment Validation Reloaded <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31026

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CG Scroll To Top <= 3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31399

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AF Tell a Friend <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-31404

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Advanced Tag Lists <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

6.1

CVE-2025-32476

Apr 9, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
wp secure <= 1.2 - Reflected Cross-Site Scripting	CVE-2025-32490	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 10, 2025
FireDrum Email Marketing <= 1.64 - Reflected Cross-Site Scripting	CVE-2025-31018	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 10, 2025
WP-Planification <= 2.3.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-32484	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Language Field <= 0.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31382	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Script Compressor <= 1.7.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31391	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
WP SexyLightBox <= 0.5.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-32478	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
WP-Easy Menu <= 0.41 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-32477	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
WS Audio Player <= 1.1.8 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31400	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Nino Social Connect <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-32481	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
NewsBoard Post and RSS Scroller <= 1.2.12 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31402	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
More Mime Type Filters <= 0.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31394	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
MMX – Make Me Christmas <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31401	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
FrescoChat Live Chat <= 3.2.6 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31383	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Flags Widget <= 1.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-32479	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Easy Custom CSS <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31395	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-32482	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Comment Validation Reloaded <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31026	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
CG Scroll To Top <= 3.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31399	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
AF Tell a Friend <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-31404	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025
Advanced Tag Lists <= 1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2025-32476	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	April 9, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

johska

4 Achievements

Showing 1-20 of 75 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting