💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

416

All Time Discoveries

90 Day Published Submissions

11 Dec '24

Last Published Submission

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 21-40 of 416 Vulnerabilities

CarDealerPress <= 6.6.2410.02 - Reflected Cross-Site Scripting

6.1

CVE-2024-54325

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Media Downloader <= 0.4.7.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-54322

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

SMSify <= 6.0.4 - Reflected Cross-Site Scripting

6.1

CVE-2024-54324

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

LDD Directory Lite <= 3.3 - Reflected Cross-Site Scripting

6.1

CVE-2024-54288

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

WP Mega Menu <= 1.4.2 - Authenticated (Administrator+) PHP Object Injection

7.2

CVE-2024-54282

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WPCargo Track & Trace <= 7.0.6 - Missing authorization to Authenticated (Subscriber+) Settings Update

4.3

CVE-2024-54271

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Gou Manage My Account Menu <= 1.0.1.8 - Missing Authorization

5.3

CVE-2024-54310

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Sogrid <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Options Update

8.8

CVE-2024-54352

Dec 11, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion

4.3

CVE-2024-11353

Dec 6, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Mailster <= 1.8.16.0 - Missing Authorization

6.5

CVE-2024-53803

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Church Admin <= 5.0.8 - Missing Authorization

5.3

CVE-2024-53795

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

FloristPress <= 7.3.0 - Missing Authorization to Sensitive Data Exposure

4.3

CVE-2024-53799

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

FloristPress <= 7.3.0 - Missing Authorization to Arbitrary Content Deletion

5.4

CVE-2024-53798

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

WP Mailster <= 1.8.16.0 - Unauthenticated Information Exposure

5.3

CVE-2024-53804

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Maspik – Spam blacklist <= 2.2.7 - Cross-Site Request Forgery to Plugin Settings Change

4.3

CVE-2024-53806

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

WP Mailster <= 1.8.16.0 - Missing Authorization

7.5

CVE-2024-53805

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Quiz <= 1.1 - Missing Authorization

6.5

CVE-2024-53708

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Exposure

4.3

CVE-2024-11355

Nov 21, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion

4.3

CVE-2024-11354

Nov 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Multiple Themes - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation

8.8

CVE-2024-52488

Nov 20, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Title	CVE ID	CVSS	Vector	Date
CarDealerPress <= 6.6.2410.02 - Reflected Cross-Site Scripting	CVE-2024-54325	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 11, 2024
Media Downloader <= 0.4.7.4 - Reflected Cross-Site Scripting	CVE-2024-54322	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 11, 2024
SMSify <= 6.0.4 - Reflected Cross-Site Scripting	CVE-2024-54324	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 11, 2024
LDD Directory Lite <= 3.3 - Reflected Cross-Site Scripting	CVE-2024-54288	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	December 11, 2024
WP Mega Menu <= 1.4.2 - Authenticated (Administrator+) PHP Object Injection	CVE-2024-54282	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	December 11, 2024
WPCargo Track & Trace <= 7.0.6 - Missing authorization to Authenticated (Subscriber+) Settings Update	CVE-2024-54271	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 11, 2024
Gou Manage My Account Menu <= 1.0.1.8 - Missing Authorization	CVE-2024-54310	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 11, 2024
Sogrid <= 1.5.2 - Cross-Site Request Forgery to Arbitrary Options Update	CVE-2024-54352	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	December 11, 2024
SMS for Lead Capture Forms <= 1.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion	CVE-2024-11353	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	December 6, 2024
WP Mailster <= 1.8.16.0 - Missing Authorization	CVE-2024-53803	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	December 2, 2024
Church Admin <= 5.0.8 - Missing Authorization	CVE-2024-53795	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	December 2, 2024
FloristPress <= 7.3.0 - Missing Authorization to Sensitive Data Exposure	CVE-2024-53799	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	December 2, 2024
FloristPress <= 7.3.0 - Missing Authorization to Arbitrary Content Deletion	CVE-2024-53798	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L	December 2, 2024
WP Mailster <= 1.8.16.0 - Unauthenticated Information Exposure	CVE-2024-53804	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	December 2, 2024
Maspik – Spam blacklist <= 2.2.7 - Cross-Site Request Forgery to Plugin Settings Change	CVE-2024-53806	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	December 2, 2024
WP Mailster <= 1.8.16.0 - Missing Authorization	CVE-2024-53805	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	December 2, 2024
AI Quiz <= 1.1 - Missing Authorization	CVE-2024-53708	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	November 22, 2024
Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Setting Exposure	CVE-2024-11355	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	November 21, 2024
Ultimate YouTube Video & Shorts Player With Vimeo <= 3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Playlist/Video Deletion	CVE-2024-11354	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	November 20, 2024
Multiple Themes - Authenticated (Subscriber+) Arbitrary Plugin Activation and Deactivation	CVE-2024-52488	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	November 20, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation