Mika

Say thanks

6,471.83

XP

691

Reports

0

Reports, last 90 days

#66

31 Mar, 2026

🇫🇷

Lvl 8

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
WP Plugin Manager<= 1.4.7 Cross Site Request Forgery (CSRF)	0.54	4.3	14/10/2025
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.5.5 Cross Site Request Forgery (CSRF)	0.54	4.3	13/10/2025
Online Booking & Scheduling Calendar for WordPress by vcita<= 4.5.5 Broken Access Control	5.4	5.4	13/10/2025
WP Microdata<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	28/08/2025
Custom Post Type Images<= 0.5 Cross Site Request Forgery (CSRF)	N/A	9.6	06/08/2025
Simple Text Slider<= 1.0.5 Cross Site Scripting (XSS)	N/A	6.5	27/06/2025
Translate This gTranslate Shortcode<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	27/06/2025
Woocommerce Gifts Product<= 1.0.0 Cross Site Request Forgery (CSRF)	N/A	6.5	12/06/2025
Aparat Video Shortcode<= 0.2.4 Cross Site Scripting (XSS)	N/A	6.5	26/06/2025
WP Github Gist<= 0.5 Cross Site Scripting (XSS)	N/A	6.5	23/06/2025
Simple Price Calculator<= 1.3 Broken Access Control	N/A	6.5	19/06/2025
Master Paper Collapse Toggle<= 1.1 Cross Site Scripting (XSS)	N/A	6.5	18/06/2025
SimaCookie<= 1.3.2 Cross Site Request Forgery (CSRF)	1.63	6.5	18/06/2025
SimaCookie<= 1.3.2 Cross Site Scripting (XSS)	N/A	6.5	18/06/2025
Easy Download Media Counter<= 1.2 Cross Site Scripting (XSS)	N/A	6.5	23/06/2025
金数据<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	25/06/2025
WordPress Events Calendar Plugin – connectDaily<= 1.5.5 Cross Site Scripting (XSS)	N/A	6.5	26/06/2025
WPB Image Widget<= 1.1 Cross Site Scripting (XSS)	N/A	6.5	23/06/2025
Boxed Content<= 1.0 Cross Site Scripting (XSS)	N/A	6.5	19/06/2025
Smooth Accordion<= 2.1 Cross Site Scripting (XSS)	N/A	6.5	20/06/2025
SS Font Awesome Icon<= 4.1.3 Cross Site Scripting (XSS)	N/A	6.5	20/06/2025
FW Anker<= 1.2.6 Cross Site Scripting (XSS)	N/A	6.5	19/06/2025
Parallax Scrolling Enllax.js<= 0.0.6 Cross Site Request Forgery (CSRF)	N/A	4.3	20/06/2025
Parallax Scrolling Enllax.js<= 0.0.6 Cross Site Scripting (XSS)	N/A	6.5	20/06/2025
UPC/EAN/GTIN Code Generator<= 2.0.2 Arbitrary File Deletion	11.55	7.7	20/12/2024
多说社会化评论框<= 1.2 Cross Site Request Forgery (CSRF)	N/A	4.3	07/08/2025
Elizaibots<= 1.0.2 Cross Site Scripting (XSS)	N/A	6.5	26/06/2025
WPDM – Premium Packages<= 6.0.2 Cross Site Request Forgery (CSRF)	2.15	4.3	12/05/2025
Netease Music<= 3.2.1 Broken Access Control	N/A	4.3	30/06/2025
Porn Videos Embed<= 0.9.1 Cross Site Scripting (XSS)	3.66	6.5	20/06/2025
LeadBI Plugin for WordPress<= 1.7 Cross Site Scripting (XSS)	N/A	6.5	18/06/2025
Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin<= 4.48 Broken Access Control	N/A	4.3	30/06/2025
Chatbox Manager<= 1.2.5 Broken Access Control	4.05	5.4	11/06/2025
Evergreen Content Poster<= 1.4.5 Cross Site Request Forgery (CSRF)	0.93	4.3	12/06/2025
Trust Payments Gateway for WooCommerce (JavaScript Library)<= 1.3.6 Cross Site Request Forgery (CSRF)	N/A	4.3	21/05/2025
MF Plus WPML<= 1.1 Settings Change	N/A	6.5	29/04/2025
Melapress File Monitor< 2.2.0 Broken Access Control	6.21	5.4	20/11/2024
WC Pickup Store<= 1.8.9 Settings Change	13	6.5	01/04/2025
CM On Demand Search And Replace<= 1.5.5 Broken Access Control	4.95	4.3	31/05/2025
Contact Form – 7 : Hide Success Message<= 1.1.4 Broken Access Control	N/A	5.3	15/05/2025
Dashboard Widget Sidebar<= 1.2.3 Broken Access Control	3.23	4.3	22/05/2025
WP YouTube Live<= 1.10.0 Cross Site Request Forgery (CSRF)	2.15	4.3	22/05/2025
Zara 4 Image Compression<= 1.2.17.2 Broken Access Control	N/A	4.3	16/05/2025
eDS Responsive Menu<= 1.2 Broken Access Control	N/A	4.3	16/05/2025
Contact Form 7 AWeber Extension<= 0.1.40 Broken Access Control	N/A	5.3	19/05/2025
WooCommerce Fortnox Integration<= 4.5.5 Broken Access Control	N/A	5.4	20/05/2025
WooCommerce Manager – Customize and Control Cart page, Add to Cart button, Chec<= 1.2.4.5 Broken Access Control	N/A	5.4	20/05/2025
Mailing Group Listserv<= 3.0.5 Cross Site Request Forgery (CSRF)	1.63	6.5	13/05/2025
Real Estate Manager<= 7.3 Cross Site Request Forgery (CSRF)	2.44	6.5	16/05/2025
WP Front User Submit / Front Editor<= 5.0.6 Cross Site Request Forgery (CSRF)	1.78	7.1	20/05/2025
Import YouTube videos as WP Posts<= 2.1 Broken Access Control	7.5	7.5	21/05/2025
WP Dummy Content Generator<= 3.4.6 Arbitrary Content Deletion	7.48	6.5	21/11/2024
CubeWP Forms<= 1.1.5 Broken Access Control	4.3	4.3	22/05/2025
Advanced Settings<= 3.0.1 Cross Site Request Forgery (CSRF)	N/A	4.3	15/05/2025
MultiVendorX<= 4.2.23 Broken Access Control	19.78	8.6	13/05/2025
Min Max Step Quantity Limits Manager for WooCommerce<= 5.1.0 Cross Site Request Forgery (CSRF)	2.15	4.3	31/05/2025
WP-CRM System<= 3.4.2 Broken Access Control	10.6	5.3	21/05/2025
Market Exporter<= 2.0.22 Cross Site Request Forgery (CSRF)	2.15	4.3	19/05/2025
Verge3D<= 4.9.4 Broken Access Control	7.95	5.3	16/05/2025
Woo Slider Pro<= 1.12 Arbitrary Content Deletion	3.25	6.5	16/05/2025
Front End Users<= 3.2.35 Broken Access Control	10.8	5.4	13/12/2024
Product Quantity Dropdown For Woocommerce<= 1.2 Cross Site Request Forgery (CSRF)	N/A	4.3	29/04/2025
Simple File List<= 6.1.13 Settings Change	10.6	5.3	01/04/2025
WP Logger<= 2.2 Broken Access Control	5.4	5.4	29/11/2024
AI Text to Speech<= 3.0.3 Broken Access Control	14.95	6.5	25/11/2024
Church Admin<= 5.0.9 Sensitive Data Exposure	9.89	4.3	25/11/2024
WooCommerce Product Table Lite<= 3.9.5 Broken Access Control	8.6	4.3	03/03/2025
Barcode Generator for WooCommerce<= 2.0.4 Arbitrary Content Deletion	7.5	7.5	26/11/2024
T&P Gallery Slider<= 1.2 Cross Site Scripting (XSS)	14.2	7.1	28/11/2024
Add Product Frontend for WooCommerce<= 1.0.8 Arbitrary Content Deletion	16.4	8.2	31/12/2024
WooCommerce Loyal Customers<= 2.6 Broken Access Control	15	7.5	02/12/2024
Fazyvo<= 1.6 Cross Site Scripting (XSS)	14.2	7.1	29/10/2024
Industrial Lite<= 1.0.8 Broken Access Control	N/A	4.3	29/10/2024
AT Internet SmartTag<= 0.2 Cross Site Scripting (XSS)	14.2	7.1	15/10/2024
Simple WP Events<= 1.8.17 Sensitive Data Exposure	15	7.5	31/12/2024
WordPress Health and Server Condition – Integrated with Google Page Speed<= 4.1.1 Cross Site Scripting (XSS)	14.2	7.1	31/10/2024
Simple WP Events<= 1.8.17 Arbitrary File Deletion	22.5	7.5	21/10/2024
Internal Link Optimiser<= 5.1.2 Settings Change	13	6.5	16/12/2024
SEO Help<= 6.7.9 Broken Access Control	13	6.5	30/11/2024
Broadstreet Ads<= 1.52.1 Cross Site Scripting (XSS)	6.5	6.5	30/11/2024
Live Forms<= 4.8.5 Broken Access Control	8.6	4.3	26/11/2024
Table Block by RioVizual<= 2.3.1 Cross Site Request Forgery (CSRF)	2.15	4.3	02/12/2024
DethemeKit For Elementor<= 2.1.10 Broken Access Control	21.2	5.3	20/08/2024
Simple Website Logo<= 1.1 Broken Access Control	10.6	5.3	30/11/2024
SurveyJS<= 1.12.20 Broken Access Control	10.6	5.3	10/01/2025
Jetpack Feedback Exporter<= 1.23 Sensitive Data Exposure	N/A	5.3	28/03/2025
MasterStudy LMS<= 3.5.28 Broken Access Control	4.3	4.3	06/11/2024
Woocommerce Products Reorder Drag Drop Multiple Sort – Sortable, Rearrange Products V<= 1.9 Broken Access Control	4.3	4.3	26/11/2024
AdMail – Multilingual Back in-Stock Notifier for WooCommerce<= 1.7.0 Broken Access Control	N/A	4.3	30/12/2024
eaSYNC<= 1.3.19 Broken Access Control	N/A	5.4	31/12/2024
Colibri Page Builder<= 1.0.329 Cross Site Scripting (XSS)	19.5	6.5	15/11/2024
Small Package Quotes – Worldwide Express Edition<= 5.2.19 Broken Access Control	13	6.5	31/12/2024
Payday<= 3.3.18 Broken Access Control	11.6	5.8	28/11/2024
WR Price List Manager For Woocommerce<= 1.0.8 Broken Access Control	5.4	5.4	03/12/2024
Free Woocommerce Product Table View<= 1.78 Arbitrary Content Deletion	6.5	6.5	26/11/2024
Residential Address Detection<= 2.5.4 Broken Access Control	13	6.5	31/12/2024
WooTumblog<= 2.1.4 Content Injection	13	6.5	27/11/2024
Clients<= 1.1.4 Broken Access Control	6.4	6.4	27/11/2024
Minimalistic Event Manager<= 1.1.1 Broken Access Control	6.4	6.4	27/11/2024
Tiger<= 2.0 Cross Site Scripting (XSS)	6.5	6.5	29/10/2024

Report vulnerabilities to earn bounties and rewards!

Include pending