Wordfence Intelligence   >   Vulnerability Researchers   >   João Pedro Soares de Alcântara

João Pedro Soares de Alcântara

Organization: Kinorth

20
All Time Ranking
197
All Time Discoveries
0
90 Day Published Submissions
19 Aug '24
Last Published Submission

About

My name is João Pedro Soares de Alcântara, i'm a bug bounty hunter, ethical hacker, RPA developer and computer engineering student.

4 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 18, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
April 9, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
March 20, 2024
Learn more Learn more about Achievements

Showing 81-100 of 197 Vulnerabilities

APA Register Newsletter Form <= 1.0.0 - Cross-Site Request Forgery to SQL Injection
8.8
CVE-2024-49621
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Back Link Tracker <= 1.0.0 - Cross-Site Request Forgery to SQL Injection
8.8
CVE-2024-49617
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SafetyForms <= 1.0.0 - Cross-Site Request Forgery
8.8
CVE-2024-49615
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Google Map Locations <= 1.0 - Reflected Cross-Site Scripting
6.1
CVE-2024-49606
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
MyTweetLinks <= 1.1.1 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49618
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Rate Own Post <= 1.0 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49616
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SermonAudio Widgets <= 1.9.3 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-49614
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Simple Code Insert Shortcode <= 1.0 - Authenticated (Contributor+) SQL Injection
8.8
CVE-2024-49613
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SW Contact Form <= 1.0 - Authenticated (Subscriber+) SQL Injection
8.8
CVE-2024-49612
Oct 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload
9.8
CVE-2024-49326
Oct 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload
9.8
CVE-2024-49327
Oct 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Apa Banner Slider <= 1.0.0 - Cross-Site Request Forgery to SLQ Injection
8.8
CVE-2024-49622
Oct 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Job Board Manager for WordPress <= 1.0 - Unauthenticated Privilege Escalation
9.8
CVE-2024-49322
Oct 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-49310
Oct 15, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Arkhe Blocks <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-49261
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Country Flags for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-49262
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Events Addon for Elementor <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-49264
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Primary Addon for Elementor <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-49259
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Smart Blocks <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-49270
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Unlimited Addon For Elementor <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
6.4
CVE-2024-49267
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Title CVE ID CVSS Vector Date
APA Register Newsletter Form <= 1.0.0 - Cross-Site Request Forgery to SQL Injection CVE-2024-49621 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2024
Back Link Tracker <= 1.0.0 - Cross-Site Request Forgery to SQL Injection CVE-2024-49617 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2024
SafetyForms <= 1.0.0 - Cross-Site Request Forgery CVE-2024-49615 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 18, 2024
Google Map Locations <= 1.0 - Reflected Cross-Site Scripting CVE-2024-49606 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N October 18, 2024
MyTweetLinks <= 1.1.1 - Authenticated (Subscriber+) SQL Injection CVE-2024-49618 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
Rate Own Post <= 1.0 - Authenticated (Subscriber+) SQL Injection CVE-2024-49616 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
SermonAudio Widgets <= 1.9.3 - Authenticated (Contributor+) SQL Injection CVE-2024-49614 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
Simple Code Insert Shortcode <= 1.0 - Authenticated (Contributor+) SQL Injection CVE-2024-49613 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
SW Contact Form <= 1.0 - Authenticated (Subscriber+) SQL Injection CVE-2024-49612 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 18, 2024
Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload CVE-2024-49326 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 17, 2024
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload CVE-2024-49327 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 17, 2024
Apa Banner Slider <= 1.0.0 - Cross-Site Request Forgery to SLQ Injection CVE-2024-49622 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H October 17, 2024
Job Board Manager for WordPress <= 1.0 - Unauthenticated Privilege Escalation CVE-2024-49322 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 15, 2024
Themesflat Addons For Elementor <= 2.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49310 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 15, 2024
Arkhe Blocks <= 2.23.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49261 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 14, 2024
Country Flags for Elementor <= 1.0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49262 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 14, 2024
Events Addon for Elementor <= 2.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49264 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 14, 2024
Primary Addon for Elementor <= 1.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49259 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 14, 2024
Smart Blocks <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49270 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 14, 2024
Unlimited Addon For Elementor <= 2.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting CVE-2024-49267 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N October 14, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation