Wordfence Intelligence   >   Vulnerability Researchers   >   João Pedro Soares de Alcântara

João Pedro Soares de Alcântara

Organization: Kinorth

18
All Time Ranking
237
All Time Discoveries
0
90 Day Published Submissions
19 Aug '24
Last Published Submission

About

My name is João Pedro Soares de Alcântara, i'm a bug bounty hunter, ethical hacker, RPA developer and computer engineering student.

4 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 18, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
April 9, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
March 20, 2024
Learn more Learn more about Achievements

Showing 1-20 of 237 Vulnerabilities

YDS Support Ticket System <= 1.0 - Authenticated (Subscriber+) SQL Injection
6.5
CVE-2024-55985
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
TSB Occasion Editor <= 1.2.1 - Authenticated (Subscriber+) SQL Injection
6.5
CVE-2024-55973
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
WP Simple Pay Lite Manager <= 1.4 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2024-55989
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Navayan CSV Export <= 1.0.9 - Unauthenticated SQL Injection
9.8
CVE-2024-55988
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
LaunchPage.app Importer <= 1.1 - Unauthenticated SQL Injection
9.8
CVE-2024-55977
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
eTemplates <= 0.2.1 - Unauthenticated SQL Injection
9.8
CVE-2024-55972
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Mimoos <= 1.2 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-55974
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Critical Site Intel <= 1.0 - Unauthenticated SQL Injection
9.8
CVE-2024-55976
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Mollie for Contact Form 7 <= 5.0.0 - Authenticated (Administrator+) SQL Injection
7.2
CVE-2024-55990
Dec 14, 2024
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Restaurant & Cafe Addon for Elementor <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-54316
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Kundgenerator <= 1.0.6 - Reflected Cross-Site Scripting
6.1
CVE-2024-54319
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
FULL Customer <= 3.1.25 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-54313
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary Addon for Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-54314
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
J&T Express Malaysia <= 2.0.13 - Reflected Cross-Site Scripting via [placeholder]
6.1
CVE-2024-54305
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Events Addon for Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-54315
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
GeoFlickr <= 1.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-54339
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Simple Presenter <= 1.5.1 - Reflected Cross-Site Scripting
6.1
CVE-2024-54340
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Staggs Product Configurator for WooCommerce <= 2.0.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-54342
Dec 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-54240
Dec 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting
6.1
CVE-2024-54240
Dec 6, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
YDS Support Ticket System <= 1.0 - Authenticated (Subscriber+) SQL Injection CVE-2024-55985 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 14, 2024
TSB Occasion Editor <= 1.2.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-55973 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N December 14, 2024
WP Simple Pay Lite Manager <= 1.4 - Authenticated (Administrator+) SQL Injection CVE-2024-55989 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H December 14, 2024
Navayan CSV Export <= 1.0.9 - Unauthenticated SQL Injection CVE-2024-55988 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 14, 2024
LaunchPage.app Importer <= 1.1 - Unauthenticated SQL Injection CVE-2024-55977 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 14, 2024
eTemplates <= 0.2.1 - Unauthenticated SQL Injection CVE-2024-55972 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 14, 2024
Mimoos <= 1.2 - Authenticated (Subscriber+) SQL Injection CVE-2024-55974 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 14, 2024
Critical Site Intel <= 1.0 - Unauthenticated SQL Injection CVE-2024-55976 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H December 14, 2024
Mollie for Contact Form 7 <= 5.0.0 - Authenticated (Administrator+) SQL Injection CVE-2024-55990 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H December 14, 2024
Restaurant & Cafe Addon for Elementor <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-54316 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 11, 2024
Kundgenerator <= 1.0.6 - Reflected Cross-Site Scripting CVE-2024-54319 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 11, 2024
FULL Customer <= 3.1.25 - Authenticated (Contributor+) Local File Inclusion CVE-2024-54313 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H December 11, 2024
Primary Addon for Elementor <= 1.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-54314 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 11, 2024
J&T Express Malaysia <= 2.0.13 - Reflected Cross-Site Scripting via [placeholder] CVE-2024-54305 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 11, 2024
Events Addon for Elementor <= 2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-54315 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N December 11, 2024
GeoFlickr <= 1.3 - Reflected Cross-Site Scripting CVE-2024-54339 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 11, 2024
Simple Presenter <= 1.5.1 - Reflected Cross-Site Scripting CVE-2024-54340 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 11, 2024
Staggs Product Configurator for WooCommerce <= 2.0.0 - Reflected Cross-Site Scripting CVE-2024-54342 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 11, 2024
Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting CVE-2024-54240 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 6, 2024
Blaze Online eParcel for WooCommerce <= 1.3.3 - Reflected Cross-Site Scripting CVE-2024-54240 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N December 6, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation