Mika

Say thanks

6471.83

XP

691

Reports

0

Reports, last 90 days

#66

17 Dec, 2025

Lvl 8

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
WP Plugin Manager<= 1.4.7 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.5.5 Cross Site Request Forgery (CSRF)	0.54	4.3	No date
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.5.5 Broken Access Control	5.4	5.4	No date
WP Microdata<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	No date
Custom Post Type Images<= 0.5 Cross Site Request Forgery (CSRF)	N/A	9.6	Aug 6, 2025
Simple Text Slider<= 1.0.5 Cross Site Scripting (XSS)	N/A	6.5	Jun 27, 2025
Translate This gTranslate Shortcode<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	Jun 27, 2025
Woocommerce Gifts Product<= 1.0.0 Cross Site Request Forgery (CSRF)	N/A	6.5	Jun 12, 2025
Aparat Video Shortcode<= 0.2.4 Cross Site Scripting (XSS)	N/A	6.5	Jun 26, 2025
WP Github Gist<= 0.5 Cross Site Scripting (XSS)	N/A	6.5	Jun 23, 2025
Simple Price Calculator<= 1.3 Broken Access Control	N/A	6.5	Jun 19, 2025
Master Paper Collapse Toggle<= 1.1 Cross Site Scripting (XSS)	N/A	6.5	Jun 18, 2025
SimaCookie<= 1.3.2 Cross Site Request Forgery (CSRF)	1.63	6.5	Jun 18, 2025
SimaCookie<= 1.3.2 Cross Site Scripting (XSS)	N/A	6.5	Jun 18, 2025
Easy Download Media Counter<= 1.2 Cross Site Scripting (XSS)	N/A	6.5	Jun 23, 2025
金数据<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	Jun 25, 2025
WordPress Events Calendar Plugin – connectDaily<= 1.5.5 Cross Site Scripting (XSS)	N/A	6.5	Jun 26, 2025
WPB Image Widget<= 1.1 Cross Site Scripting (XSS)	N/A	6.5	Jun 23, 2025
Boxed Content<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	Jun 19, 2025
Smooth Accordion<= 2.1 Cross Site Scripting (XSS)	N/A	6.5	Jun 20, 2025
SS Font Awesome Icon<= 4.1.3 Cross Site Scripting (XSS)	N/A	6.5	Jun 20, 2025
FW Anker<= 1.2.6 Cross Site Scripting (XSS)	N/A	6.5	Jun 19, 2025
Parallax Scrolling Enllax.js<= 0.0.6 Cross Site Request Forgery (CSRF)	N/A	4.3	Jun 20, 2025
Parallax Scrolling Enllax.js<= 0.0.6 Cross Site Scripting (XSS)	N/A	6.5	Jun 20, 2025
UPC/EAN/GTIN Code Generator<= 2.0.2 Arbitrary File Deletion	11.55	7.7	Dec 20, 2024
多说社会化评论框<= 1.2 Cross Site Request Forgery (CSRF)	N/A	4.3	Aug 7, 2025
Elizaibots<= 1.0.2 Cross Site Scripting (XSS)	N/A	6.5	Jun 26, 2025
WPDM – Premium Packages<= 6.0.2 Cross Site Request Forgery (CSRF)	2.15	4.3	May 12, 2025
Netease Music<= 3.2.1 Broken Access Control	N/A	4.3	Jun 30, 2025
Porn Videos Embed<= 0.9.1 Cross Site Scripting (XSS)	3.66	6.5	Jun 20, 2025
LeadBI Plugin for WordPress<= 1.7 Cross Site Scripting (XSS)	N/A	6.5	Jun 18, 2025
Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin<= 4.48 Broken Access Control	N/A	4.3	Jun 30, 2025
Chatbox Manager<= 1.2.5 Broken Access Control	4.05	5.4	Jun 11, 2025
Evergreen Content Poster<= 1.4.5 Cross Site Request Forgery (CSRF)	0.93	4.3	No date
Trust Payments Gateway for WooCommerce (JavaScript Library)<= 1.3.6 Cross Site Request Forgery (CSRF)	N/A	4.3	May 21, 2025
MF Plus WPML<= 1.1 Settings Change	N/A	6.5	Apr 29, 2025
Melapress File Monitor< 2.2.0 Broken Access Control	6.21	5.4	Nov 20, 2024
WC Pickup Store<= 1.8.9 Settings Change	13	6.5	Apr 1, 2025
CM On Demand Search And Replace<= 1.5.4 Broken Access Control	4.95	4.3	No date
Contact Form – 7 : Hide Success Message<= 1.1.4 Broken Access Control	N/A	5.3	May 15, 2025
Dashboard Widget Sidebar<= 1.2.3 Broken Access Control	3.23	4.3	May 22, 2025
WP YouTube Live<= 1.10.0 Cross Site Request Forgery (CSRF)	2.15	4.3	May 22, 2025
Zara 4 Image Compression<= 1.2.17.2 Broken Access Control	N/A	4.3	May 16, 2025
eDS Responsive Menu<= 1.2 Broken Access Control	N/A	4.3	May 16, 2025
Contact Form 7 AWeber Extension<= 0.1.40 Broken Access Control	N/A	5.3	May 19, 2025
WooCommerce Fortnox Integration<= 4.5.5 Broken Access Control	N/A	5.4	May 20, 2025
WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Chec<= 1.2.4.5 Broken Access Control	N/A	5.4	May 20, 2025
Mailing Group Listserv<= 3.0.5 Cross Site Request Forgery (CSRF)	1.63	6.5	May 13, 2025
Real Estate Manager<= 7.3 Cross Site Request Forgery (CSRF)	2.44	6.5	May 16, 2025
WP Front User Submit / Front Editor<= 5.0.0 Cross Site Request Forgery (CSRF)	1.78	7.1	May 20, 2025
Import YouTube videos as WP Posts<= 2.1 Broken Access Control	7.5	7.5	May 21, 2025
WP Dummy Content Generator<= 3.4.6 Arbitrary Content Deletion	7.48	6.5	Nov 21, 2024
CubeWP Forms<= 1.1.5 Broken Access Control	4.3	4.3	May 22, 2025
Advanced Settings<= 3.0.1 Cross Site Request Forgery (CSRF)	N/A	4.3	May 15, 2025
MultiVendorX<= 4.2.23 Broken Access Control	19.78	8.6	May 13, 2025
Min Max Step Quantity Limits Manager for WooCommerce<= 5.1.0 Cross Site Request Forgery (CSRF)	2.15	4.3	May 31, 2025
WP-CRM System<= 3.4.2 Broken Access Control	10.6	5.3	May 21, 2025
Market Exporter<= 2.0.22 Cross Site Request Forgery (CSRF)	2.15	4.3	May 19, 2025
Verge3D<= 4.9.4 Broken Access Control	7.95	5.3	May 16, 2025
Woo Slider Pro<= 1.12 Arbitrary Content Deletion	3.25	6.5	May 16, 2025
Front End Users<= 3.2.35 Broken Access Control	10.8	5.4	Dec 13, 2024
Product Quantity Dropdown For Woocommerce<= 1.2 Cross Site Request Forgery (CSRF)	N/A	4.3	Apr 29, 2025
Simple File List<= 6.1.13 Settings Change	10.6	5.3	Apr 1, 2025
WP Logger<= 2.2 Broken Access Control	5.4	5.4	Nov 29, 2024
AI Text to Speech<= 3.0.3 Broken Access Control	14.95	6.5	Nov 25, 2024
Church Admin<= 5.0.9 Sensitive Data Exposure	9.89	4.3	Nov 25, 2024
WooCommerce Product Table Lite<= 3.9.5 Broken Access Control	8.6	4.3	Mar 3, 2025
Barcode Generator for WooCommerce<= 2.0.4 Arbitrary Content Deletion	7.5	7.5	Nov 26, 2024
T&P Gallery Slider<= 1.2 Cross Site Scripting (XSS)	14.2	7.1	Nov 28, 2024
Add Product Frontend for WooCommerce<= 1.0.8 Arbitrary Content Deletion	16.4	8.2	Dec 31, 2024
WooCommerce Loyal Customers<= 2.6 Broken Access Control	15	7.5	Dec 2, 2024
Fazyvo<= 1.6 Cross Site Scripting (XSS)	14.2	7.1	Oct 29, 2024
Industrial Lite<= 1.0.8 Broken Access Control	N/A	4.3	Oct 29, 2024
AT Internet SmartTag<= 0.2 Cross Site Scripting (XSS)	14.2	7.1	Oct 15, 2024
Simple WP Events<= 1.8.17 Sensitive Data Exposure	15	7.5	Dec 31, 2024
WordPress Health and Server Condition – Integrated with Google Page Speed<= 4.1.1 Cross Site Scripting (XSS)	14.2	7.1	Oct 31, 2024
Simple WP Events<= 1.8.17 Arbitrary File Deletion	22.5	7.5	Oct 21, 2024
Internal Link Optimiser<= 5.1.2 Settings Change	13	6.5	Dec 16, 2024
SEO Help<= 6.7.2 Broken Access Control	13	6.5	Nov 30, 2024
Broadstreet Ads<= 1.52.4 Cross Site Scripting (XSS)	6.5	6.5	Nov 30, 2024
Live Forms<= 4.8.5 Broken Access Control	8.6	4.3	Nov 26, 2024
Table Block by RioVizual<= 2.3.1 Cross Site Request Forgery (CSRF)	2.15	4.3	Dec 2, 2024
DethemeKit For Elementor<= 2.1.10 Broken Access Control	21.2	5.3	Aug 20, 2024
Simple Website Logo<= 1.1 Broken Access Control	10.6	5.3	Nov 30, 2024
SurveyJS<= 1.12.20 Broken Access Control	10.6	5.3	Jan 10, 2025
Jetpack Feedback Exporter<= 1.23 Sensitive Data Exposure	N/A	5.3	Mar 28, 2025
MasterStudy LMS<= 3.5.28 Broken Access Control	4.3	4.3	Nov 6, 2024
Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products V<= 1.9 Broken Access Control	4.3	4.3	Nov 26, 2024
AdMail – Multilingual Back in-Stock Notifier for WooCommerce<= 1.7.0 Broken Access Control	N/A	4.3	Dec 30, 2024
eaSYNC<= 1.3.19 Broken Access Control	N/A	5.4	Dec 31, 2024
Colibri Page Builder<= 1.0.329 Cross Site Scripting (XSS)	19.5	6.5	Nov 15, 2024
Small Package Quotes – Worldwide Express Edition<= 5.2.19 Broken Access Control	13	6.5	Dec 31, 2024
Payday<= 3.3.18 Broken Access Control	11.6	5.8	Nov 28, 2024
WR Price List Manager For Woocommerce<= 1.0.8 Broken Access Control	5.4	5.4	Dec 3, 2024
Free Woocommerce Product Table View<= 1.78 Arbitrary Content Deletion	6.5	6.5	Nov 26, 2024
Residential Address Detection<= 2.5.4 Broken Access Control	13	6.5	Dec 31, 2024
WooTumblog<= 2.1.4 Content Injection	13	6.5	Nov 27, 2024
Clients<= 1.1.4 Broken Access Control	6.4	6.4	Nov 27, 2024
Minimalistic Event Manager<= 1.1.1 Broken Access Control	6.4	6.4	Nov 27, 2024
Tiger<= 2.0 Cross Site Scripting (XSS)	6.5	6.5	Oct 29, 2024

Report vulnerabilities to earn bounties and rewards!

Include pending