💥 Time to wrap up this year and kick-off the new year with a bang! We’re wrapping up the year with our End of Year Holiday Extravaganza, High-Risk Bonus Blitz Challenge, and Superhero Challenge for the Wordfence Bug Bounty Program.

Through January 6th, 2025, our program has an expanded scope for all researchers with a new lower active install count threshold, automatic bonuses for in-scope submissions, an extra bonus for those focusing on high-risk vulnerabilities, a minimum bounty for all submissions, increased pending report limits, and our rewards remain as high as $31,200.

Review what's in scope for your tier and updated bounties with bonuses here!

Wordfence Intelligence > Vulnerability Researchers > Mika

Mika

All Time Ranking

416

All Time Discoveries

90 Day Published Submissions

11 Dec '24

Last Published Submission

2 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 61-80 of 416 Vulnerabilities

License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-48742

Nov 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Motors – Car Dealer & Classified Ads <= 1.4.6 - Server Side Request Forgery

7.2

CVE-2023-46207

Oct 19, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting

7.2

CVE-2023-41860

Sep 5, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'

7.2

CVE-2023-41685

Sep 4, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection

7.2

CVE-2023-34168

May 30, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

SIS Handball <= 1.0.45 - Authenticated (Administrator+) SQL Injection via 'orderby'

7.2

CVE-2023-33924

May 23, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-32128

May 5, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2023-27605

Apr 14, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Transbank Webpay REST <= 1.6.6 - Authenticated (Administrator+) SQL Injection via orderby

7.2

CVE-2023-27610

Apr 6, 2023

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection

7.2

CVE-2022-46803

Jan 27, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-43462

Oct 24, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection

7.2

CVE-2022-3131

Sep 20, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload

7.2

CVE-2022-3076

Sep 5, 2022

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions

7.1

CVE-2023-27424

Apr 24, 2023

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L

Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection

6.6

CVE-2023-50843

Dec 21, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby

6.6

CVE-2023-48764

Nov 28, 2023

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Spreadr Woocommerce <= 1.0.4 - Missing Authorization

6.5

CVE-2024-56009

Dec 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

WP Mailster <= 1.8.16.0 - Missing Authorization

6.5

CVE-2024-53803

Dec 2, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Quiz <= 1.1 - Missing Authorization

6.5

CVE-2024-53708

Nov 22, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Quicksand Post Filter jQuery Plugin <= 3.1.1 - Cross-Site Request Forgery via renderAdmin

6.5

CVE-2024-24849

Feb 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Title	CVE ID	CVSS	Vector	Date
License Manager for WooCommerce <= 2.2.10 - Authenticated (Administrator+) SQL Injection	CVE-2023-48742	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	November 23, 2023
Motors – Car Dealer & Classified Ads <= 1.4.6 - Server Side Request Forgery	CVE-2023-46207	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	October 19, 2023
Travel Map <= 1.0.1 - Unauthenticated Cross-Site Scripting	CVE-2023-41860	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	September 5, 2023
Woocommerce Support System <= 1.2.1 - Authenticated (Administrator+) SQL Injection via 'orderby'	CVE-2023-41685	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 4, 2023
WP Report Post <= 2.1.2 - Authenticated (Editor+) SQL Injection	CVE-2023-34168	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 30, 2023
SIS Handball <= 1.0.45 - Authenticated (Administrator+) SQL Injection via 'orderby'	CVE-2023-33924	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 23, 2023
Cryptocurrency Donation Box – Bitcoin & Crypto Donations <= 2.2.7 - Authenticated (Administrator+) SQL Injection	CVE-2023-32128	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	May 5, 2023
WP Reroute Email <= 1.4.6 - Authenticated (Administrator+) SQL Injection	CVE-2023-27605	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 14, 2023
Transbank Webpay REST <= 1.6.6 - Authenticated (Administrator+) SQL Injection via orderby	CVE-2023-27610	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	April 6, 2023
Simple Newsletter Plugin – Noptin <= 1.10.3 - Unauthenticated CSV Injection	CVE-2022-46803	7.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N	January 27, 2023
IP Blacklist Cloud <= 5.00 - Authenticated (Administrator+) SQL Injection	CVE-2022-43462	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	October 24, 2022
Search Logger <= 0.9 - Authenticated (Administrator+) SQL Injection	CVE-2022-3131	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 20, 2022
CM Download Manager <= 2.8.5 - Authenticated (Administrator+) Arbitrary File Upload	CVE-2022-3076	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 5, 2022
Inactive User Deleter <= 1.59 - Cross-Site Request Forgery via Multiple Functions	CVE-2023-27424	7.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L	April 24, 2023
Clockwork SMS Notfications <= 3.0.4 - Authenticated(Administrator+) SQL Injection	CVE-2023-50843	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	December 21, 2023
WordPress Brute Force Protection – Stop Brute Force Attacks <= 2.2.5 - Authenticated (Administrator+) SQL Injection via orderby	CVE-2023-48764	6.6	CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H	November 28, 2023
Spreadr Woocommerce <= 1.0.4 - Missing Authorization	CVE-2024-56009	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	December 14, 2024
WP Mailster <= 1.8.16.0 - Missing Authorization	CVE-2024-53803	6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H	December 2, 2024
AI Quiz <= 1.1 - Missing Authorization	CVE-2024-53708	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N	November 22, 2024
Quicksand Post Filter jQuery Plugin <= 3.1.1 - Cross-Site Request Forgery via renderAdmin	CVE-2024-24849	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	February 2, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation