💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

416

All Time Discoveries

90 Day Published Submissions

11 Dec '24

Last Published Submission

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 21-40 of 416 Vulnerabilities

de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVE-2024-11443

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

KH Easy User Settings <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation

8.8

CVE-2024-54365

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVE-2024-54379

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Quietly Insights <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVE-2024-54378

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Sogrid <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVE-2024-54352

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Multiple Themes - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation

8.8

CVE-2024-52488

Nov 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Buying Buddy IDX CRM <= 1.1.12 - Cross-Site Request Forgery to PHP Object Injection

8.8

CVE-2024-52446

Nov 18, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation

8.8

CVE-2024-52429

Nov 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Writer Helper <= 3.1.6 - Authenticated (Subscriber+) Arbitrary File Upload

8.8

CVE-2024-52399

Nov 13, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SK WP Settings Backup <= 1.0 - Cross-Site Request Forgery to PHP Object Injection

8.8

CVE-2024-52415

Nov 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Namaste! LMS <= 2.6.3 - Authenticated (Subscriber+) PHP Object Injection

8.8

CVE-2024-50408

Oct 24, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

GERRYWORKS Post by Mail <= 1.0 - Contributor+ Privilege Escalation

8.8

CVE-2024-49608

Oct 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection

8.8

CVE-2024-31094

Mar 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVE-2023-44478

Sep 28, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

PHP Execution <= 1.0.0 - Cross Site Request Forgery

8.8

CVE-2023-23879

Feb 2, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Admin Log <= 1.50 - Cross-Site Request Forgery

8.8

CVE-2023-23721

Jan 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Hover Image <= 1.4.1 - Cross-Site Request Forgery

8.8

CVE-2022-47611

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery

8.8

CVE-2022-46867

Jan 13, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery

8.8

CVE-2022-41650

Dec 5, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery

8.8

CVE-2022-44585

Nov 1, 2022

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
de:branding <= 1.0.2 - Authenticated (Subscriber+) Arbitrary Options Update	CVE-2024-11443	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
KH Easy User Settings <= 1.0.0 - Authenticated (Subscriber+) Privilege Escalation	CVE-2024-54365	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
Minterpress <= 1.0.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	CVE-2024-54379	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
Quietly Insights <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	CVE-2024-54378	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
Sogrid <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2024-54352	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 11, 2024
Multiple Themes - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation	CVE-2024-52488	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 20, 2024
Buying Buddy IDX CRM <= 1.1.12 - Cross-Site Request Forgery to PHP Object Injection	CVE-2024-52446	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 18, 2024
WP Quick Setup <= 2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin/Theme Installation	CVE-2024-52429	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 15, 2024
Writer Helper <= 3.1.6 - Authenticated (Subscriber+) Arbitrary File Upload	CVE-2024-52399	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 13, 2024
SK WP Settings Backup <= 1.0 - Cross-Site Request Forgery to PHP Object Injection	CVE-2024-52415	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 13, 2024
Namaste! LMS <= 2.6.3 - Authenticated (Subscriber+) PHP Object Injection	CVE-2024-50408	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 24, 2024
GERRYWORKS Post by Mail <= 1.0 - Contributor+ Privilege Escalation	CVE-2024-49608	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	October 18, 2024
Filter Custom Fields & Taxonomies Light <= 1.05 - Authenticated (Contributor+) PHP Object Injection	CVE-2024-31094	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	March 29, 2024
Events Rich Snippets for Google <= 1.8 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2023-44478	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 28, 2023
PHP Execution <= 1.0.0 - Cross Site Request Forgery	CVE-2023-23879	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 2, 2023
Admin Log <= 1.50 - Cross-Site Request Forgery	CVE-2023-23721	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 19, 2023
Hover Image <= 1.4.1 - Cross-Site Request Forgery	CVE-2022-47611	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2023
Universal Star Rating <= 2.1.0 - Cross-Site Request Forgery	CVE-2022-46867	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	January 13, 2023
Custom Content by Country <= 3.1.2 - Cross-Site Request Forgery	CVE-2022-41650	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 5, 2022
Homepage PopUp <= 1.2.5 - Cross-Site Request Forgery	CVE-2022-44585	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	November 1, 2022

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation