💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

416

All Time Discoveries

90 Day Published Submissions

11 Dec '24

Last Published Submission

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 321-340 of 416 Vulnerabilities

Link Whisper Free <= 0.6.9

4.3

CVE-2024-31934

Apr 10, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Heureka <= 1.0.8 - Cross-Site Request Forgery

4.3

CVE-2024-25931

Feb 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Comments Like Dislike <= 1.2.2 - IP Spoofing

4.3

CVE-2024-25906

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Spell Check <= 9.17 - Cross-Site Request Forgery

4.3

CVE-2024-22143

Jan 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Products & Order Export for WooCommerce <= 2.0.7 - Missing Authorization

4.3

CVE-2024-31276

Jan 10, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

MStore API <= 4.10.1 - Cross-Site Request Forgery

4.3

CVE-2023-50878

Dec 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Anti Hacker <= 4.34 - Cross-Site Request Forgery via antihacker_ajax_scan

4.3

CVE-2023-50858

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.3 - Cross-Site Request Forgery

4.3

CVE-2023-50861

Dec 22, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery

4.3

CVE-2023-49769

Dec 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery

4.3

CVE-2023-47765

Nov 14, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery

4.3

CVE-2023-47664

Nov 8, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Feather Login Page <= 1.1.3 - Cross-Site Request Forgery

4.3

CVE-2023-46777

Oct 26, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery

4.3

CVE-2023-46638

Oct 25, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Novo-Map : your WP posts on custom google maps <= 1.1.2 - Cross-Site Request Forgery

4.3

CVE-2023-46190

Oct 18, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Comments Ratings <= 1.1.7 - Cross-Site Request Forgery

4.3

CVE-2023-45654

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Lazy Load for Videos <= 2.18.2 - Cross-Site Request Forgery

4.3

CVE-2023-45656

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

PixFields <= 0.7.0 - Cross-Site Request Forgery

4.3

CVE-2023-45655

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Post Gallery <= 2.3.12 - Cross-Site Request Forgery

4.3

CVE-2023-45752

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Video Playlist For YouTube <= 6.1 - Cross-Site Request Forgery

4.3

CVE-2023-45653

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

HTML5 Maps <= 1.7.1.4 - Cross-Site Request Forgery

4.3

CVE-2023-45650

Oct 12, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Link Whisper Free <= 0.6.9	CVE-2024-31934	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 10, 2024
Heureka <= 1.0.8 - Cross-Site Request Forgery	CVE-2024-25931	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 20, 2024
Comments Like Dislike <= 1.2.2 - IP Spoofing	CVE-2024-25906	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	February 12, 2024
WP Spell Check <= 9.17 - Cross-Site Request Forgery	CVE-2024-22143	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	January 12, 2024
Products & Order Export for WooCommerce <= 2.0.7 - Missing Authorization	CVE-2024-31276	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	January 10, 2024
MStore API <= 4.10.1 - Cross-Site Request Forgery	CVE-2023-50878	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 26, 2023
Anti Hacker <= 4.34 - Cross-Site Request Forgery via antihacker_ajax_scan	CVE-2023-50858	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 22, 2023
HUSKY – Products Filter for WooCommerce (formerly WOOF) <= 1.3.4.3 - Cross-Site Request Forgery	CVE-2023-50861	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 22, 2023
Integrate Google Drive <= 1.3.4 - Cross-Site Request Forgery	CVE-2023-49769	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 5, 2023
CodeBard's Patron Button and Widgets for Patreon <= 2.1.9 - Cross-Site Request Forgery	CVE-2023-47765	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 14, 2023
Plainview Protect Passwords <= 1.4 - Cross-Site Request Forgery	CVE-2023-47664	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	November 8, 2023
Feather Login Page <= 1.1.3 - Cross-Site Request Forgery	CVE-2023-46777	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 26, 2023
WCP OpenWeather <= 2.5.0 - Cross-Site Request Forgery	CVE-2023-46638	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 25, 2023
Novo-Map : your WP posts on custom google maps <= 1.1.2 - Cross-Site Request Forgery	CVE-2023-46190	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 18, 2023
Comments Ratings <= 1.1.7 - Cross-Site Request Forgery	CVE-2023-45654	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Lazy Load for Videos <= 2.18.2 - Cross-Site Request Forgery	CVE-2023-45656	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
PixFields <= 0.7.0 - Cross-Site Request Forgery	CVE-2023-45655	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Post Gallery <= 2.3.12 - Cross-Site Request Forgery	CVE-2023-45752	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
Video Playlist For YouTube <= 6.1 - Cross-Site Request Forgery	CVE-2023-45653	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023
HTML5 Maps <= 1.7.1.4 - Cross-Site Request Forgery	CVE-2023-45650	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	October 12, 2023

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation