🦸 Calling all superheroes! Introducing the WordPress Superhero Challenge for the Wordfence Bug Bounty Program: Earn up to $31,200 for High Impact Vulnerabilities! Through October 14th, 2024, all vulnerabilities reported in plugins or themes with >= 5,000,000 active installs will be 3x our highest bounty rewards making our top reward $31,200. Check out the updated bounties here!

Wordfence Intelligence > Vulnerability Researchers > Lucio Sá

Lucio Sá

All Time Ranking

230

All Time Discoveries

90 Day Published Submissions

12 Sep '24

Last Published Submission

10 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 121-140 of 230 Vulnerabilities

AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization to Unauthenticated Ad Status Update

5.3

CVE-2024-34802

May 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval

5.3

CVE-2024-1688

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion

5.3

CVE-2024-3893

Apr 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

ARMember <= 4.0.27 - Directory Traversal via X-FILENAME

5.3

CVE ID Unknown

Apr 4, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

5.3

CVE-2024-1732

Apr 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass

5.3

CVE-2024-1181

Mar 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update

5.3

CVE-2024-1733

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration

5.3

CVE-2024-1640

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass

5.3

CVE-2024-1321

Mar 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass

5.3

CVE-2024-1136

Feb 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication

5.3

CVE-2024-1368

Feb 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export

5.3

CVE-2024-1686

Feb 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval

5.3

CVE-2024-1126

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return

5.3

CVE-2024-1389

Feb 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change

5.3

CVE-2024-1322

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval

5.3

CVE-2024-1079

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import

5.3

CVE-2024-1110

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export

5.3

CVE-2024-1109

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass

5.3

CVE-2023-6963

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery

5.3

CVE-2023-6984

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
AdFoxly – Ad Manager, AdSense Ads & Ads.txt <= 1.8.5 - Missing Authorization to Unauthenticated Ad Status Update	CVE-2024-34802	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	May 20, 2024
Woo Total Sales <= 3.1.4 - Missing Authorization to Unauthenticated Sales Report Retrieval	CVE-2024-1688	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	April 29, 2024
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion	CVE-2024-3893	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 24, 2024
ARMember <= 4.0.27 - Directory Traversal via X-FILENAME		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 4, 2024
Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion	CVE-2024-1732	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 1, 2024
Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass	CVE-2024-1181	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 19, 2024
Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update	CVE-2024-1733	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 15, 2024
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration	CVE-2024-1640	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 13, 2024
EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass	CVE-2024-1321	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 8, 2024
Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass	CVE-2024-1136	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 27, 2024
Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication	CVE-2024-1368	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 27, 2024
Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export	CVE-2024-1686	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 26, 2024
EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval	CVE-2024-1126	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 14, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return	CVE-2024-1389	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 13, 2024
Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change	CVE-2024-1322	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 12, 2024
Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval	CVE-2024-1079	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 6, 2024
Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import	CVE-2024-1110	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 6, 2024
Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export	CVE-2024-1109	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 6, 2024
Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass	CVE-2023-6963	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 17, 2024
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery	CVE-2023-6984	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 2, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation