Wordfence Intelligence   >   Vulnerability Researchers   >   João Pedro Soares de Alcântara

João Pedro Soares de Alcântara

Organization: Kinorth

20
All Time Ranking
197
All Time Discoveries
0
90 Day Published Submissions
19 Aug '24
Last Published Submission

About

My name is João Pedro Soares de Alcântara, i'm a bug bounty hunter, ethical hacker, RPA developer and computer engineering student.

4 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 18, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
April 9, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
March 20, 2024
Learn more Learn more about Achievements

Showing 21-40 of 197 Vulnerabilities

SW Contact Form <= 1.0 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49612
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Simple Code Insert Shortcode <= 1.0 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-49613
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SermonAudio Widgets <= 1.9.3 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-49614
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Rate Own Post <= 1.0 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49616
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
MyTweetLinks <= 1.1.1 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49618
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SafetyForms <= 1.0.0 - Cross-Site Request Forgery
8.8
CVE-2024-49615
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Back Link Tracker <= 1.0.0 - Cross-Site Request Forgery to SQL Injection
8.8
CVE-2024-49617
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
APA Register Newsletter Form <= 1.0.0 - Cross-Site Request Forgery to SQL Injection
8.8
CVE-2024-49621
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Apa Banner Slider <= 1.0.0 - Cross-Site Request Forgery to SLQ Injection
8.8
CVE-2024-49622
Oct 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Dynamic Elementor Addons <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-49243
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Maan Addons For Elementor <= 1.0.1 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-49251
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
RS-Members <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation
8.8
CVE-2024-49219
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
External featured image from bing <= 1.0.2 - Authenticated (Subscriber+) Remote Code Execution
8.8
CVE-2024-48027
Oct 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SB Random Posts Widget <= 1.0 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-48029
Oct 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-9575
Oct 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
MaxSlider <= 1.2.3 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-47351
Sep 30, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-44048
Sep 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Animated Number Counters <= 1.9 - Authenticated (Editor+) Local File Inclusion
8.8
CVE-2024-43957
Aug 26, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Void Elementor Post Grid Addon for Elementor Page builder <= 2.3 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-43281
Aug 16, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Woo Products Widgets For Elementor <= 2.0.4 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-43271
Aug 12, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
SW Contact Form <= 1.0 - Authenticated (Subscriber+) SQL Injection CVE-2024-49612 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
Simple Code Insert Shortcode <= 1.0 - Authenticated (Contributor+) SQL Injection CVE-2024-49613 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
SermonAudio Widgets <= 1.9.3 - Authenticated (Contributor+) SQL Injection CVE-2024-49614 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
Rate Own Post <= 1.0 - Authenticated (Subscriber+) SQL Injection CVE-2024-49616 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
MyTweetLinks <= 1.1.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-49618 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
SafetyForms <= 1.0.0 - Cross-Site Request Forgery CVE-2024-49615 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2024
Back Link Tracker <= 1.0.0 - Cross-Site Request Forgery to SQL Injection CVE-2024-49617 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2024
APA Register Newsletter Form <= 1.0.0 - Cross-Site Request Forgery to SQL Injection CVE-2024-49621 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2024
Apa Banner Slider <= 1.0.0 - Cross-Site Request Forgery to SLQ Injection CVE-2024-49622 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 17, 2024
Dynamic Elementor Addons <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion CVE-2024-49243 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 14, 2024
Maan Addons For Elementor <= 1.0.1 - Authenticated (Contributor+) Local File Inclusion CVE-2024-49251 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 14, 2024
RS-Members <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation CVE-2024-49219 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 14, 2024
External featured image from bing <= 1.0.2 - Authenticated (Subscriber+) Remote Code Execution CVE-2024-48027 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 9, 2024
SB Random Posts Widget <= 1.0 - Authenticated (Contributor+) Local File Inclusion CVE-2024-48029 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 9, 2024
pretix widget <= 1.0.5 - Authenticated (Contributor+) Local File Inclusion CVE-2024-9575 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 9, 2024
MaxSlider <= 1.2.3 - Authenticated (Contributor+) Local File Inclusion CVE-2024-47351 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 30, 2024
Product Carousel Slider & Grid Ultimate for WooCommerce <= 1.9.10 - Authenticated (Contributor+) Local File Inclusion CVE-2024-44048 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H September 16, 2024
Animated Number Counters <= 1.9 - Authenticated (Editor+) Local File Inclusion CVE-2024-43957 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 26, 2024
Void Elementor Post Grid Addon for Elementor Page builder <= 2.3 - Authenticated (Contributor+) Local File Inclusion CVE-2024-43281 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 16, 2024
Woo Products Widgets For Elementor <= 2.0.4 - Authenticated (Contributor+) Local File Inclusion CVE-2024-43271 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H August 12, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation