Wordfence Intelligence   >   Vulnerability Researchers   >   João Pedro Soares de Alcântara

João Pedro Soares de Alcântara

Organization: Kinorth

5
All Time Ranking
569
All Time Discoveries
0
90 Day Published Submissions
19 Aug '24
Last Published Submission

About

My name is João Pedro Soares de Alcântara, i'm a bug bounty hunter, ethical hacker, RPA developer and computer engineering student.

4 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 18, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
April 9, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
March 20, 2024
Learn more Learn more about Achievements

Showing 1-20 of 569 Vulnerabilities

Crowdfunding for WooCommerce <= 3.1.12 - Reflected Cross-Site Scripting
6.1
CVE-2025-32628
Apr 10, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Sync Posts <= 1.0 - Authenticated (Subscriber+) Arbitrary File Upload
8.8
CVE-2025-32579
Apr 10, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Connector to CiviCRM with CiviMcRestFace <= 1.0.9 - Reflected Cross-Site Scripting
6.1
CVE-2025-32551
Apr 9, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Automatic Ban IP <= 1.0.7 - Reflected Cross-Site Scripting
6.1
CVE-2025-32632
Apr 9, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ABA PayWay Payment Gateway for WooCommerce <= 2.1.4 - Reflected Cross-Site Scripting
6.1
CVE-2025-32586
Apr 9, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
All push notification for WP <= 1.5.3 - Cross-Site Request Forgery to SQL Injection
4.3
CVE-2025-32547
Apr 9, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Nearby Locations <= 1.1.1 - Authenticated (Administrator+) SQL Injection
4.9
CVE-2025-32128
Apr 7, 2025
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
CardGate Payments for WooCommerce <= 3.2.1 - Authenticated (Administrator+) SQL Injection
4.9
CVE-2025-32119
Apr 7, 2025
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Piotnet Addons For Elementor <= 2.4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-32197
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Pay with Contact Form 7 <= 1.0.4 - Authenticated (Administrator+) SQL Injection
4.9
CVE-2025-32126
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
onOffice for WP-Websites <= 5.7 - Authenticated (Administrator+) SQL Injection
4.9
CVE-2025-32127
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Silvasoft boekhouden <= 3.0.1 - Authenticated (Administrator+) SQL Injection
4.9
CVE-2025-32125
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2025-32159
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2025-32157
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Just Post Preview Widget <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2025-32156
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Beds24 Online Booking <= 2.0.28 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2025-32155
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
aThemes Addons for Elementor <= 1.0.15 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2025-32158
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Brizy <= 2.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-32198
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
News Kit Elementor Addons <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2025-32196
Apr 4, 2025
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting
6.1
CVE-2025-31901
Apr 2, 2025
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
Crowdfunding for WooCommerce <= 3.1.12 - Reflected Cross-Site Scripting CVE-2025-32628 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 10, 2025
Sync Posts <= 1.0 - Authenticated (Subscriber+) Arbitrary File Upload CVE-2025-32579 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 10, 2025
Connector to CiviCRM with CiviMcRestFace <= 1.0.9 - Reflected Cross-Site Scripting CVE-2025-32551 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 9, 2025
Automatic Ban IP <= 1.0.7 - Reflected Cross-Site Scripting CVE-2025-32632 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 9, 2025
ABA PayWay Payment Gateway for WooCommerce <= 2.1.4 - Reflected Cross-Site Scripting CVE-2025-32586 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 9, 2025
All push notification for WP <= 1.5.3 - Cross-Site Request Forgery to SQL Injection CVE-2025-32547 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N April 9, 2025
Nearby Locations <= 1.1.1 - Authenticated (Administrator+) SQL Injection CVE-2025-32128 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N April 7, 2025
CardGate Payments for WooCommerce <= 3.2.1 - Authenticated (Administrator+) SQL Injection CVE-2025-32119 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N April 7, 2025
Piotnet Addons For Elementor <= 2.4.34 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-32197 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 4, 2025
Pay with Contact Form 7 <= 1.0.4 - Authenticated (Administrator+) SQL Injection CVE-2025-32126 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N April 4, 2025
onOffice for WP-Websites <= 5.7 - Authenticated (Administrator+) SQL Injection CVE-2025-32127 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N April 4, 2025
Silvasoft boekhouden <= 3.0.1 - Authenticated (Administrator+) SQL Injection CVE-2025-32125 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N April 4, 2025
Radius Blocks <= 2.2.1 - Authenticated (Contributor+) Local File Inclusion CVE-2025-32159 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2025
Sparkle Elementor Kit <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion CVE-2025-32157 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2025
Just Post Preview Widget <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion CVE-2025-32156 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2025
Beds24 Online Booking <= 2.0.28 - Authenticated (Contributor+) Local File Inclusion CVE-2025-32155 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2025
aThemes Addons for Elementor <= 1.0.15 - Authenticated (Contributor+) Local File Inclusion CVE-2025-32158 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H April 4, 2025
Brizy <= 2.6.14 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-32198 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 4, 2025
News Kit Elementor Addons <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2025-32196 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N April 4, 2025
Digihood HTML Sitemap <= 3.1.1 - Reflected Cross-Site Scripting CVE-2025-31901 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N April 2, 2025

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

This site uses cookies in accordance with our Privacy Policy.