Alliance bounty program
About Alliance Leaderboard Vulnerability database WordPress security
Login

Lenon Leite

0
0
0
0
Twitter Github Website
28 November, 2022
Lenon Leite
Alliance XP
0
Total reports
80
Reports, last 90 days
0
Contributions 80
Achievements Soon

Report WordPress vulnerabilities, earn prizes and become an Alliance member!

Join Patchstack Alliance

Plugin

Homepage Product Organizer for WooCommerce <= 1.1 Multiple Authenticated SQL Injection (SQLi) vulnerabilities

+0 AXP

9.1

19 July, 2022

Plugin

Hermit 音乐播放器 <= 3.1.6 Authenticated SQL Injection (SQLi) vulnerability

7.4

28 April, 2022

Plugin

Hermit 音乐播放器 <= 3.1.6 Unauthenticated SQL Injection SQLi) vulnerability

8.3

28 April, 2022

Plugin

3xSocializer <= 0.98.22 Authenticated SQL Injection (SQLi) vulnerability

6.0

25 April, 2022

Plugin

[GWA] AutoResponder <= 2.3 Unauthenticated SQL Injection (SQLi) vulnerability

7.3

27 January, 2022

Theme

Edict Lite <= 1.1.4 Arbitrary File Upload vulnerability

8.8

24 December, 2021

Theme

The100 <= 1.1.2 Arbitrary File Upload vulnerability

8.8

24 December, 2021

Theme

WP Store <= 1.1.9 Arbitrary File Upload vulnerability

+0 AXP

8.8

24 December, 2021

Theme

Eight Sec <= 1.1.4 Arbitrary File Upload vulnerability

8.8

24 December, 2021

Theme

EightLaw Lite <= 2.1.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

24 December, 2021

Theme

Eightmedi Lite <= 2.1.8 Arbitrary File Upload vulnerability

+0 AXP

8.8

24 December, 2021

Theme

EightStore Lite <= 1.2.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

24 December, 2021

Theme

Brovy <= 1.3 Arbitrary File Upload vulnerability

8.8

24 December, 2021

Theme

WPparallax <= 2.0.6 Arbitrary File Upload vulnerability

8.8

24 December, 2021

Theme

Arrival <= 1.4.2 Arbitrary File Upload vulnerability

+0 AXP

8.8

24 December, 2021

Theme

Ultra Seven <= 1.2.8 Arbitrary File Upload vulnerability

8.8

24 December, 2021

Theme

Opstore <= 1.4.3 Arbitrary File Upload vulnerability

+0 AXP

8.8

24 December, 2021

Theme

AccessPress Parallax <= 4.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Accesspress Lite <= 2.92 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

AccessPress Store <= 2.4.9 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Zigcy Lite <= 2.0.9 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Enlighten <= 1.3.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Accesspress Mag <= 2.6.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

StoreVilla <= 1.4.1 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Punte <= 1.1.2 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Accesspress Basic <= 3.2.1 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

AccessPress Root <= 2.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Construction Lite <= 1.2.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

VMagazine Lite <= 1.3.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

ParallaxSome <= 1.3.6 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

FotoGraphy <= 2.4.0 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

VMag <= 1.2.7 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Uncode Lite <= 1.3.3 Arbitrary File Upload vulnerability

8.8

28 November, 2021

Theme

Bingle <= 1.0.4 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

The Launcher <= 1.3.2 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

ScrollMe <= 2.1.0 Arbitrary File Upload vulnerability

8.8

28 November, 2021

Theme

Agency Lite <= 1.1.6 Arbitrary File Upload vulnerability

8.8

28 November, 2021

Theme

Swing Lite <= 1.1.9 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Vmagazine News <= 1.0.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Bloger <= 1.2.6 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Revolve <= 1.3.1 Arbitrary File Upload vulnerability

8.8

28 November, 2021

Theme

Ripple <= 1.2.0 Arbitrary File Upload vulnerability

8.8

28 November, 2021

Theme

Zigcy Cosmetics <= 1.0.5 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

The Monday <= 1.4.1 Arbitrary File Upload vulnerability

8.8

28 November, 2021

Theme

Zigcy Baby <= 1.0.6 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Doko <= 1.0.27 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Theme

Sakala <= 1.0.4 Arbitrary File Upload vulnerability

+0 AXP

8.8

28 November, 2021

Plugin

PowerPress Podcasting <= 8.6.1 Multiple Authenticated CrossSite Scripting (XSS) vulnerabilities

4.8

14 May, 2021

Plugin

MalCare Security <= 4.57 Authenticated CrossSite Scripting (XSS) vulnerability

4.8

5 May, 2021

Plugin

Contact Form Submissions <= 1.7 Authenticated Double Query SQL injection (SQLi) vulnerability

4.7

3 January, 2021

Plugin

Redux Framework <= 4.1.20 CrossSite Request Forgery (CSRF) Nonce Validation Bypass vulnerability

+0 AXP

5.3

15 December, 2020

Plugin

Redux Framework <= 4.1.20 CSRF Nonce Validation Bypass vulnerability

5.4

15 December, 2020

Plugin

Profile Builder Pro <= 3.3.2 Authenticated Blind SQL Injection (SQLi) vulnerability

+0 AXP

8.8

2 December, 2020

Plugin

Profile Builder <= 3.3.2 Authenticated Blind SQL Injection (SQLi) vulnerability

+0 AXP

8.8

2 December, 2020

Plugin

Media Library Assistant <= 2.84 Authenticated Blind SQL Injection (SQLi) vulnerability

+0 AXP

7.6

24 November, 2020

Plugin

Contextual Related Posts <= 2.9.3 CrossSite Request Forgery (CSRF) Nonce Validation Bypass vulnerability

+0 AXP

4.3

19 November, 2020

Plugin

Advanced Booking Calendar <= 1.6.1 Unauthenticated SQL Injection (SQLi) vulnerability

+0 AXP

9.3

22 October, 2020

Plugin

HyperComments <= 1.2.2 Unauthenticated Arbitrary File Deletion vulnerability

+0 AXP

7.2

7 October, 2020

Plugin

Woo Import Export 1.0 Arbitrary File Deletion vulnerability

29 April, 2018

Plugin

Google Drive for WordPress <= 2.2 Remote Code Execution (RCE) vulnerability

18 April, 2018

Plugin

Simple Events Calendar <= 1.3.5 Authenticated SQL Injection (SQLi) vulnerability

20 November, 2017

Plugin

Events <= 2.3.4 Authenticated SQL Injection (SQLi) vulnerability

20 November, 2017

Plugin

Active Directory Integration <= 1.1.8 Authenticated SQL Injection (SQLi) vulnerability

20 November, 2017

Plugin

JTRT Responsive Tables 4.1 SQL Injection (SQLi) vulnerability

7 November, 2017

Plugin

Link Library <= 5.9.13.26 Library plugin <=5.9.13.26 – Authenticated SQL Injection vulnerability

16 August, 2017

Plugin

Ultimate Product Catalogue 4.2.2 SQL Injection vulnerability

27 June, 2017

Plugin

ZM Gallery <= 1.0 Blind SQL Injection

20 December, 2016

Plugin

WP Private Messages <= 1.0.1 SQL Injection

16 December, 2016

Plugin

Xtreme Locator <= 1.5 SQL Injection

14 December, 2016

Plugin

ZX CSV Upload <= 1.0 Authenticated SQL Injection

12 December, 2016

Plugin

WA Form Builder <= 1.1 Unauthenticated SQL Injection

5 December, 2016

Plugin

Single Personal Message <= 1.0.3 SQL Injection

5 December, 2016

Plugin

WP Vault <= 0.8.6.6 Local File Inclusion

30 November, 2016

Plugin

Product Catalog 8 <= 1.2 Unauthenticated SQL Injection

28 November, 2016

Plugin

Answer My Question <= 1.3 SQL Injection

17 November, 2016

Plugin

BBS e-Franchise <= 1.1.1 Franchise Plugin <= 1.1.1 SQL Injection

12 November, 2016

Plugin

Mini Cart <= 1.00.1 Authenticated SQL Injection

11 November, 2016

Plugin

FireStorm Shopping Cart <= 2.07.02 SQL Injection

10 November, 2016

Plugin

Sirv <= 1.3.1 Authenticated SQL Injection

10 November, 2016

Plugin

WP Private Messages <= 1.0 SQL Injection

29 June, 2013

Back to top

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugin developers NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022

Social

DPA Privacy Policy Terms & Conditions © 2023 Patchstack

Solutions

WordPress security Vulnerability database Vulnerability API Bug bounty program Plugin auditing Active security programs NEW

WordPress security

Pricing & features For care plans For hosts For plugin developers NEW Documentation

Patchstack

About us Careers Media Kit Articles & insight Whitepaper 2022

Social

Let us know if we have missed a vulnerability reported elsewhere

Report arrow right Close

Thank you for contributing!

Successfully submit vulnerabilities and receive an invite to our Alliance platform.

Learn more arrow right Close