Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Wordfence Intelligence > Vulnerability Researchers > Marek Mikita

Marek Mikita

163

All Time Ranking

All Time Discoveries

90 Day Published Submissions

N/A

Last Published Submission

Is this you? Register as a researcher today to add more public profile details here!

Showing 1-20 of 21 Vulnerabilities

WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery

6.1

CVE-2024-53761

Nov 28, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Royal Elementor Addons <= 1.7.1006 - Authenticated (Admin+) Server Side Request Forgery

5.5

CVE-2025-26990

Apr 11, 2025

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

WP Optin Wheel <= 1.4.7 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVE-2025-31824

Apr 1, 2025

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Metform <= 3.9.2 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVE-2025-30914

Mar 27, 2025

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Comment Edit Core – Simple Comment Editing <= 3.0.33 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVE-2025-24703

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Chained Quiz <= 1.3.2.9 - Authenticated (Admin+) Server-Side Request Forgery

5.5

CVE-2025-24701

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N

Real Estate Manager – Property Listing and Agent Management <= 7.3 - CAPTCHA Bypass

5.3

CVE-2025-22645

Feb 3, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Hestia Nginx Cache <= 2.4.0 - Missing Authorization

5.3

CVE-2024-56236

Dec 30, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP Menu Image <= 2.2 - Missing Authorization to Unauthenticated Menu Image Deletion

5.3

CVE-2024-52485

Dec 16, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

PixProof <= 2.0.1 - Missing Authorization

5.3

CVE-2024-54417

Dec 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

BetterLinks <= 2.1.7 - Authenticated (Administrator+) SQL Injection

4.9

CVE-2024-51672

Nov 1, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Survey Maker <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

4.4

CVE-2024-50426

Oct 24, 2024

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Automatic Featured Images from Videos <= 1.2.4 - Missing Authorization

4.3

CVE-2025-31820

Apr 1, 2025

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Ultimate Coming Soon & Maintenance <= 1.0.9 - Cross-Site Request Forgery

4.3

CVE-2025-24546

Jan 24, 2025

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Arabic Webfonts <= 1.4.6 - Missing Authorization

4.3

CVE-2024-54402

Dec 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery

4.3

CVE-2024-54356

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

News Ticker for Elementor <= 2.1.3 - Missing Authorization

4.3

CVE-2024-54278

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

BuddyPress Groups Extras <= 3.6.10 - Cross-Site Request Forgery

4.3

CVE-2025-24538

Nov 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Photo Gallery Builder <= 3.0 - Missing Authorization

4.3

CVE-2024-49325

Oct 17, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Linked Variation for WooCommerce <= 1.0.5 - Cross-Site Request Forgery

4.3

CVE-2024-48047

Oct 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
WP Revisions Manager <= 1.0.2 - Cross-Site Request Forgery	CVE-2024-53761	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	November 28, 2024
Royal Elementor Addons <= 1.7.1006 - Authenticated (Admin+) Server Side Request Forgery	CVE-2025-26990	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 11, 2025
WP Optin Wheel <= 1.4.7 - Authenticated (Admin+) Server-Side Request Forgery	CVE-2025-31824	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	April 1, 2025
Metform <= 3.9.2 - Authenticated (Admin+) Server-Side Request Forgery	CVE-2025-30914	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	March 27, 2025
Comment Edit Core – Simple Comment Editing <= 3.0.33 - Authenticated (Admin+) Server-Side Request Forgery	CVE-2025-24703	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 24, 2025
Chained Quiz <= 1.3.2.9 - Authenticated (Admin+) Server-Side Request Forgery	CVE-2025-24701	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	January 24, 2025
Real Estate Manager – Property Listing and Agent Management <= 7.3 - CAPTCHA Bypass	CVE-2025-22645	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 3, 2025
Hestia Nginx Cache <= 2.4.0 - Missing Authorization	CVE-2024-56236	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 30, 2024
WP Menu Image <= 2.2 - Missing Authorization to Unauthenticated Menu Image Deletion	CVE-2024-52485	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 16, 2024
PixProof <= 2.0.1 - Missing Authorization	CVE-2024-54417	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 12, 2024
BetterLinks <= 2.1.7 - Authenticated (Administrator+) SQL Injection	CVE-2024-51672	4.9	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N	November 1, 2024
Survey Maker <= 5.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2024-50426	4.4	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N	October 24, 2024
Automatic Featured Images from Videos <= 1.2.4 - Missing Authorization	CVE-2025-31820	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 1, 2025
Ultimate Coming Soon & Maintenance <= 1.0.9 - Cross-Site Request Forgery	CVE-2025-24546	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 24, 2025
Arabic Webfonts <= 1.4.6 - Missing Authorization	CVE-2024-54402	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 12, 2024
Online Booking & Scheduling Calendar for WordPress by vcita <= 4.5 - Cross-Site Request Forgery	CVE-2024-54356	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 11, 2024
News Ticker for Elementor <= 2.1.3 - Missing Authorization	CVE-2024-54278	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 11, 2024
BuddyPress Groups Extras <= 3.6.10 - Cross-Site Request Forgery	CVE-2025-24538	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 8, 2024
Photo Gallery Builder <= 3.0 - Missing Authorization	CVE-2024-49325	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	October 17, 2024
Linked Variation for WooCommerce <= 1.0.5 - Cross-Site Request Forgery	CVE-2024-48047	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 14, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

Marek Mikita

Showing 1-20 of 21 Vulnerabilities

Share this researcher's vulnerability discoveries

Cookie Options

Strictly Necessary

Performance/Analytical

Targeting