Wordfence Intelligence   >   Vulnerability Researchers   >   João Pedro Soares de Alcântara

João Pedro Soares de Alcântara

Organization: Kinorth

20
All Time Ranking
197
All Time Discoveries
0
90 Day Published Submissions
19 Aug '24
Last Published Submission

About

My name is João Pedro Soares de Alcântara, i'm a bug bounty hunter, ethical hacker, RPA developer and computer engineering student.

4 Achievements

Learn more about Achievements
Submitted XSS Vulnerability
Submitted XSS Vulnerability
September 4, 2024
Submitted 10 Vulnerabilities
Submitted 10 Vulnerabilities
April 18, 2024
Submitted 5 Vulnerabilities
Submitted 5 Vulnerabilities
April 9, 2024
Submitted 1 Vulnerability
Submitted 1 Vulnerability
March 20, 2024
Learn more Learn more about Achievements

Showing 1-20 of 197 Vulnerabilities

Unite Gallery Lite <= 1.7.62 - Authenticated (Contributor+) SQL Injection
9.9
CVE-2024-43207
Aug 9, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
UserPlus <= 2.0 - Privilege Escalation
9.8
CVE-2024-52442
Nov 18, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Matix Popup Builder <= 1.0.0 - Unauthenticated Arbitrary Options Update
9.8
CVE-2024-52382
Nov 11, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AR For WordPress <= 6.6 - Unauthenticated Arbitrary File Upload
9.8
CVE-2024-50496
Oct 25, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload
9.8
CVE-2024-49327
Oct 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload
9.8
CVE-2024-49326
Oct 17, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Job Board Manager for WordPress <= 1.0 - Unauthenticated Privilege Escalation
9.8
CVE-2024-49322
Oct 15, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Adding drop down roles in registration <= 1.1 - Unauthenticated Privilege Escalation
9.8
CVE-2024-49217
Oct 14, 2024
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Pricing table addon for elementor <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-52499
Nov 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Absolute Addons For Elementor <= 1.0.14 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-52496
Nov 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Shopready <= 3.5 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-52497
Nov 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Office Locator <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-52501
Nov 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
SP Blog Designer <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-52498
Nov 20, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
de:branding <= 1.0.2 - Privilege Escalation
8.8
CVE-2024-52438
Nov 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Banner System <= 1.0.0 - Privilege Escalation
8.8
CVE-2024-52437
Nov 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nBlocks <= 1.0.2 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-52450
Nov 18, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classified Listing <= 3.1.16 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-52386
Nov 11, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The Pack Elementor addons <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-50453
Oct 24, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Qode Essential Addons <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-50457
Oct 24, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Qi Blocks <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion
8.8
CVE-2024-49690
Oct 21, 2024
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Title CVE ID CVSS Vector Date
Unite Gallery Lite <= 1.7.62 - Authenticated (Contributor+) SQL Injection CVE-2024-43207 9.9 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H August 9, 2024
UserPlus <= 2.0 - Privilege Escalation CVE-2024-52442 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 18, 2024
Matix Popup Builder <= 1.0.0 - Unauthenticated Arbitrary Options Update CVE-2024-52382 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H November 11, 2024
AR For WordPress <= 6.6 - Unauthenticated Arbitrary File Upload CVE-2024-50496 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 25, 2024
Woostagram Connect <= 1.0.2 - Unauthenticated Arbitrary File Upload CVE-2024-49327 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 17, 2024
Affiliator <= 2.1.3 - Unauthenticated Arbitrary File Upload CVE-2024-49326 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 17, 2024
Job Board Manager for WordPress <= 1.0 - Unauthenticated Privilege Escalation CVE-2024-49322 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 15, 2024
Adding drop down roles in registration <= 1.1 - Unauthenticated Privilege Escalation CVE-2024-49217 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H October 14, 2024
Pricing table addon for elementor <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion CVE-2024-52499 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 20, 2024
Absolute Addons For Elementor <= 1.0.14 - Authenticated (Contributor+) Local File Inclusion CVE-2024-52496 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 20, 2024
Shopready <= 3.5 - Authenticated (Contributor+) Local File Inclusion CVE-2024-52497 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 20, 2024
Office Locator <= 1.3.0 - Authenticated (Contributor+) Local File Inclusion CVE-2024-52501 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 20, 2024
SP Blog Designer <= 1.0.0 - Authenticated (Contributor+) Local File Inclusion CVE-2024-52498 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 20, 2024
de:branding <= 1.0.2 - Privilege Escalation CVE-2024-52438 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 18, 2024
Banner System <= 1.0.0 - Privilege Escalation CVE-2024-52437 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 18, 2024
nBlocks <= 1.0.2 - Authenticated (Contributor+) Local File Inclusion CVE-2024-52450 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 18, 2024
Classified Listing <= 3.1.16 - Authenticated (Contributor+) Local File Inclusion CVE-2024-52386 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H November 11, 2024
The Pack Elementor addons <= 2.0.9 - Authenticated (Contributor+) Local File Inclusion CVE-2024-50453 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 24, 2024
Qode Essential Addons <= 1.6.3 - Authenticated (Contributor+) Local File Inclusion CVE-2024-50457 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 24, 2024
Qi Blocks <= 1.3.2 - Authenticated (Contributor+) Local File Inclusion CVE-2024-49690 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H October 21, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation