João Pedro S Alcântara (Kinorth)

Say thanks

22,246.19

XP

1,195

Reports

167

Reports, last 90 days

#5

10 Apr, 2026

🇧🇷

Lvl 12

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
WaveRide<= 1.4 Local File Inclusion	32.4	8.1	10/02/2026
Uppercase< 1.2.2 Local File Inclusion	32.4	8.1	07/02/2026
Blueprint< 1.1.5 Local File Inclusion	32.4	8.1	07/02/2026
Getaway< 1.8 Local File Inclusion	32.4	8.1	06/02/2026
Mikado Core<= 1.6 Local File Inclusion	32.4	8.1	03/01/2026
Softlab Core< 1.2.11 Local File Inclusion	24.3	8.1	08/02/2026
Integrio Core< 1.2.8 Local File Inclusion	32.4	8.1	08/02/2026
Thegov Core< 2.0.23 Local File Inclusion	32.4	8.1	07/02/2026
Car Dealer<= 1.6.7 Cross Site Scripting (XSS)	14.2	7.1	29/12/2025
Golo< 1.7.5 Cross Site Scripting (XSS)	14.2	7.1	06/01/2026
Apicona<= 24.1.0 PHP Object Injection	17.6	8.8	30/12/2025
NaturaLife Extensions<= 2.1 Cross Site Scripting (XSS)	14.2	7.1	30/12/2025
NaturaLife Extensions<= 2.1 Local File Inclusion	32.4	8.1	30/12/2025
Vayvo< 6.8 Cross Site Scripting (XSS)	14.2	7.1	18/01/2026
Boutique< 2.4.6 Cross Site Scripting (XSS)	14.2	7.1	11/01/2026
Gaea< 3.8 Cross Site Scripting (XSS)	14.2	7.1	22/01/2026
Gyan Elements<= 2.2.1 Cross Site Scripting (XSS)	14.2	7.1	02/01/2026
KIDZ<= 5.24 PHP Object Injection	39.2	9.8	07/01/2026
Ricky< 2.31 PHP Object Injection	29.4	9.8	08/01/2026
Tasty Daily< 1.27 PHP Object Injection	29.4	9.8	08/01/2026
Goldish< 3.47 PHP Object Injection	39.2	9.8	08/01/2026
Motta Addons< 1.6.1 Cross Site Scripting (XSS)	14.2	7.1	09/01/2026
Kunco< 1.4.5 Local File Inclusion	74.52	8.1	30/01/2026
Phox Hosting<= 2.0.8 Cross Site Scripting (XSS)	14.2	7.1	26/12/2025
Kentha<= 4.7.2 Cross Site Scripting (XSS)	14.2	7.1	24/12/2025
XStore Core<= 5.6.4 Cross Site Scripting (XSS)	97.98	7.1	20/12/2025
Penci Soledad Data Migrator<= 1.3.1 Cross Site Scripting (XSS)	42.6	7.1	13/12/2025
tagDiv Composer<= 5.4.2 Cross Site Scripting (XSS)	56.8	7.1	09/12/2025
Wolverine Framework<= 1.9 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Darna Framework<= 2.9 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Zorka<= 1.5.7 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Legacy Admin<= 9.5 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Ultra WordPress Admin<= 11.7 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Handmade Framework<= 3.9 Cross Site Scripting (XSS)	14.2	7.1	08/12/2025
Lisfinity Core<= 1.5.0 SQL Injection	37.2	9.3	07/12/2025
DeepDigital<= 1.0.2 Cross Site Scripting (XSS)	14.2	7.1	05/12/2025
BuddyApp<= 1.9.2 Cross Site Scripting (XSS)	14.2	7.1	05/12/2025
Flipmart<= 2.8 Broken Access Control	10.6	5.3	31/01/2026
EventON<= 4.9.12 Cross Site Scripting (XSS)	48.99	7.1	29/09/2025
Ultimate Addons for WPBakery Page Builder<= 3.21.1 Broken Access Control	44.85	6.5	29/09/2025
Medilazar Core< 1.4.7 Local File Inclusion	11.25	7.5	29/01/2026
Porto<= 7.6.2 Cross Site Scripting (XSS)	56.8	7.1	11/09/2025
UberSlider Ultra<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
UberSlider PerpetuumMobile<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
UberSlider MouseInteraction<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
UberSlider Classic<= 2.5 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
LBG Zoominoutslider<= 5.4.5 Cross Site Scripting (XSS)	14.2	7.1	29/08/2025
LambertGroup - AllInOne - Banner with Thumbnails<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	26/08/2025
LambertGroup - AllInOne - Content Slider<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	26/08/2025
LambertGroup - AllInOne - Banner with Playlist<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	25/08/2025
AllInOne - Banner Rotator<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	25/08/2025
WP Attractive Donations System - Easy Stripe & Paypal donations<= 1.25 SQL Injection	37.2	9.3	21/08/2025
Lawyer Directory<= 1.3.2 Cross Site Scripting (XSS)	14.2	7.1	11/08/2025
Tribe<= 1.7.3 Local File Inclusion	32.4	8.1	03/12/2025
Alchemists<= 4.6.0 Local File Inclusion	32.4	8.1	03/12/2025
Riode Core<= 1.6.26 SQL Injection	37.2	9.3	01/12/2025
Molla<= 1.5.16 Local File Inclusion	32.4	8.1	01/12/2025
Wolmart<= 1.9.6 Local File Inclusion	32.4	8.1	30/11/2025
The Issue<= 1.6.11 Local File Inclusion	32.4	8.1	29/11/2025
Starto< 2.2.5 Cross Site Scripting (XSS)	10.65	7.1	26/11/2025
Grand News<= 3.4.3 Cross Site Scripting (XSS)	14.2	7.1	26/11/2025
Architecturer< 3.9.5 Cross Site Scripting (XSS)	14.2	7.1	26/11/2025
Awa Plugins<= 1.4.4 Cross Site Scripting (XSS)	14.2	7.1	26/11/2025
tagDiv Composer<= 5.4.3 Cross Site Scripting (XSS)	4.88	6.5	25/01/2026
Musico< 3.4.5 Cross Site Scripting (XSS)	14.2	7.1	24/11/2025
Celeste<= 1.3.6 PHP Object Injection	32.4	8.1	24/11/2025
Gecko<= 1.9.8 Cross Site Scripting (XSS)	14.2	7.1	22/11/2025
Claue - Clean, Minimal Elementor WooCommerce Theme<= 2.2.7 Cross Site Scripting (XSS)	14.2	7.1	22/11/2025
Aora<= 1.3.15 Local File Inclusion	32.4	8.1	20/11/2025
Metro<= 2.13 Cross Site Scripting (XSS)	14.2	7.1	19/11/2025
Metro<= 2.13 Local File Inclusion	32.4	8.1	19/11/2025
Sweet Date< 4.0.1 PHP Object Injection	90.16	9.8	30/10/2025
OrganicFood<= 3.6.4 Local File Inclusion	11.25	7.5	22/01/2026
Homeo<= 1.2.59 Local File Inclusion	11.25	7.5	22/01/2026
Freeio<= 1.3.21 Local File Inclusion	11.25	7.5	22/01/2026
Boldman<= 7.7 Local File Inclusion	11.25	7.5	21/01/2026
LabtechCO<= 8.3 Local File Inclusion	11.25	7.5	20/01/2026
Emphires<= 3.9 Local File Inclusion	11.25	7.5	20/01/2026
Greenly Theme Addons< 8.2 Local File Inclusion	11.25	7.5	20/01/2026
Greenly<= 8.1 Local File Inclusion	11.25	7.5	20/01/2026
Valenti<= 5.6.3.5 PHP Object Injection	13.2	8.8	21/10/2025
Grand Restaurant<= 7.0.10 PHP Object Injection	90.16	9.8	18/10/2025
Wolmart Core<= 1.9.6 SQL Injection	37.2	9.3	30/11/2025
Applay - Shortcodes<= 3.7 PHP Object Injection	14.7	9.8	30/11/2025
Medilink-Core< 2.0.7 Local File Inclusion	11.25	7.5	17/01/2026
CitiLights< 3.7.2 Broken Access Control	10.6	5.3	17/01/2026
Turbo Manager< 4.0.8 Local File Inclusion	11.25	7.5	17/01/2026
Mogi<= 1.2.3 Broken Access Control	7.95	5.3	14/01/2026
Uminex<= 1.0.9 Content Injection	5.3	5.3	13/01/2026
DukaMarket<= 1.3.0 Content Injection	5.3	5.3	13/01/2026
Armania<= 1.4.8 Content Injection	7.95	5.3	12/01/2026
TechOne<= 3.0.3 Content Injection	7.95	5.3	12/01/2026
Biolife<= 3.2.3 Broken Access Control	10.6	5.3	12/01/2026
Biolife<= 3.2.3 Local File Inclusion	11.25	7.5	12/01/2026
Nika<= 1.2.14 Local File Inclusion	24.3	8.1	29/11/2025
Diza<= 1.3.15 Local File Inclusion	24.3	8.1	28/11/2025
Fana<= 1.1.35 Local File Inclusion	24.3	8.1	28/11/2025
Zota<= 1.3.14 Local File Inclusion	24.3	8.1	27/11/2025
Diamond<= 2.4.8 Cross Site Scripting (XSS)	14.2	7.1	27/11/2025
Boutique<= 2.3.3 Local File Inclusion	11.25	7.5	11/01/2026

Report vulnerabilities to earn bounties and rewards!

Include pending