João Pedro S Alcântara (Kinorth)

Say thanks

21,661.07

XP

1,177

Reports

137

Reports, last 90 days

#18

16 Mar, 2026

🇧🇷

Lvl 12

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Penci Soledad Data Migrator<= 1.3.1 Cross Site Scripting (XSS)	42.6	7.1	Dec 13, 2025
tagDiv Composer<= 5.4.2 Cross Site Scripting (XSS)	56.8	7.1	Dec 9, 2025
Wolverine Framework<= 1.9 Cross Site Scripting (XSS)	14.2	7.1	Dec 9, 2025
Darna Framework<= 2.9 Cross Site Scripting (XSS)	14.2	7.1	Dec 9, 2025
Zorka<= 1.5.7 Cross Site Scripting (XSS)	14.2	7.1	Dec 9, 2025
Legacy Admin<= 9.5 Cross Site Scripting (XSS)	14.2	7.1	Dec 9, 2025
Ultra WordPress Admin<= 11.7 Cross Site Scripting (XSS)	14.2	7.1	Dec 9, 2025
Handmade Framework<= 3.9 Cross Site Scripting (XSS)	14.2	7.1	Dec 8, 2025
Lisfinity Core<= 1.5.0 SQL Injection	37.2	9.3	Dec 7, 2025
DeepDigital<= 1.0.2 Cross Site Scripting (XSS)	14.2	7.1	Dec 5, 2025
BuddyApp<= 1.9.2 Cross Site Scripting (XSS)	14.2	7.1	Dec 5, 2025
EventON<= 4.9.12 Cross Site Scripting (XSS)	48.99	7.1	Sep 29, 2025
Ultimate Addons for WPBakery Page Builder<= 3.21.1 Broken Access Control	44.85	6.5	Sep 29, 2025
Medilazar Core< 1.4.7 Local File Inclusion	11.25	7.5	Jan 29, 2026
Porto<= 7.6.2 Cross Site Scripting (XSS)	56.8	7.1	Sep 11, 2025
UberSlider Ultra<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	Aug 30, 2025
UberSlider PerpetuumMobile<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	Aug 30, 2025
UberSlider MouseInteraction<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	Aug 30, 2025
UberSlider Classic<= 2.5 Cross Site Scripting (XSS)	14.2	7.1	Aug 30, 2025
LBG Zoominoutslider<= 5.4.5 Cross Site Scripting (XSS)	14.2	7.1	Aug 29, 2025
LambertGroup - AllInOne - Banner with Thumbnails<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	Aug 26, 2025
LambertGroup - AllInOne - Content Slider<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	Aug 26, 2025
LambertGroup - AllInOne - Banner with Playlist<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	Aug 25, 2025
AllInOne - Banner Rotator<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	Aug 25, 2025
WP Attractive Donations System - Easy Stripe & Paypal donations<= 1.25 SQL Injection	37.2	9.3	Aug 21, 2025
Lawyer Directory<= 1.3.2 Cross Site Scripting (XSS)	14.2	7.1	Aug 11, 2025
Tribe<= 1.7.3 Local File Inclusion	32.4	8.1	Dec 3, 2025
Alchemists<= 4.6.0 Local File Inclusion	32.4	8.1	Dec 3, 2025
Riode Core<= 1.6.26 SQL Injection	37.2	9.3	Dec 1, 2025
Molla<= 1.5.16 Local File Inclusion	32.4	8.1	Dec 1, 2025
Wolmart<= 1.9.6 Local File Inclusion	32.4	8.1	Nov 30, 2025
The Issue<= 1.6.11 Local File Inclusion	32.4	8.1	Nov 29, 2025
Starto<= 2.1.9 Cross Site Scripting (XSS)	10.65	7.1	Nov 26, 2025
Grand News<= 3.4.3 Cross Site Scripting (XSS)	14.2	7.1	Nov 26, 2025
Architecturer<= 3.8.8 Cross Site Scripting (XSS)	14.2	7.1	Nov 26, 2025
Awa Plugins<= 1.4.4 Cross Site Scripting (XSS)	14.2	7.1	Nov 26, 2025
Musico<= 3.2.4 Cross Site Scripting (XSS)	14.2	7.1	Nov 24, 2025
Celeste<= 1.3.6 PHP Object Injection	32.4	8.1	Nov 24, 2025
Gecko<= 1.9.8 Cross Site Scripting (XSS)	14.2	7.1	Nov 22, 2025
Claue - Clean, Minimal Elementor WooCommerce Theme<= 2.2.7 Cross Site Scripting (XSS)	14.2	7.1	Nov 22, 2025
Aora<= 1.3.15 Local File Inclusion	32.4	8.1	Nov 20, 2025
Metro<= 2.13 Cross Site Scripting (XSS)	14.2	7.1	Nov 19, 2025
Metro<= 2.13 Local File Inclusion	32.4	8.1	Nov 19, 2025
Sweet Date< 4.0.1 PHP Object Injection	90.16	9.8	Oct 30, 2025
Boldman<= 7.7 Local File Inclusion	11.25	7.5	Jan 21, 2026
Greenly Theme Addons< 8.2 Local File Inclusion	11.25	7.5	Jan 20, 2026
Greenly<= 8.1 Local File Inclusion	11.25	7.5	Jan 20, 2026
Valenti<= 5.6.3.5 PHP Object Injection	13.2	8.8	Oct 21, 2025
Grand Restaurant<= 7.0.10 PHP Object Injection	90.16	9.8	Oct 18, 2025
Wolmart Core<= 1.9.6 SQL Injection	37.2	9.3	Nov 30, 2025
Applay - Shortcodes<= 3.7 PHP Object Injection	14.7	9.8	Nov 30, 2025
Medilink-Core< 2.0.7 Local File Inclusion	11.25	7.5	Jan 17, 2026
CitiLights< 3.7.2 Broken Access Control	10.6	5.3	Jan 17, 2026
Turbo Manager< 4.0.8 Local File Inclusion	11.25	7.5	Jan 17, 2026
Nika<= 1.2.14 Local File Inclusion	24.3	8.1	Nov 29, 2025
Diza<= 1.3.15 Local File Inclusion	24.3	8.1	Nov 28, 2025
Fana<= 1.1.35 Local File Inclusion	24.3	8.1	Nov 28, 2025
Zota<= 1.3.14 Local File Inclusion	24.3	8.1	Nov 27, 2025
Diamond<= 2.4.8 Cross Site Scripting (XSS)	14.2	7.1	Nov 27, 2025
Whizz Plugins<= 1.9 Cross Site Scripting (XSS)	14.2	7.1	Nov 26, 2025
Travelicious< 1.6.7 PHP Object Injection	39.2	9.8	Nov 25, 2025
Nestin< 1.2.6 PHP Object Injection	39.2	9.8	Nov 25, 2025
PatioTime< 2.1 PHP Object Injection	90.16	9.8	Nov 25, 2025
PatioTime< 2.1 Local File Inclusion	74.52	8.1	Nov 24, 2025
CozyStay< 1.9.1 Local File Inclusion	74.52	8.1	Nov 22, 2025
Golo< 1.7.5 Broken Access Control	10.6	5.3	Jan 6, 2026
Golo< 1.7.5 Local File Inclusion	11.25	7.5	Jan 6, 2026
VidoRev<= 2.9.9.9.9.9.7 Local File Inclusion	30	7.5	Nov 20, 2025
Urna<= 2.5.12 Local File Inclusion	32.4	8.1	Nov 20, 2025
Besa<= 2.3.15 Local File Inclusion	32.4	8.1	Nov 20, 2025
Hara<= 1.2.17 Local File Inclusion	32.4	8.1	Nov 20, 2025
Unicamp<= 2.7.1 Local File Inclusion	11.25	7.5	Jan 5, 2026
PhotoMe<= 5.7.1 Cross Site Scripting (XSS)	14.2	7.1	Nov 18, 2025
Reflector<= 1.2.2 Cross Site Scripting (XSS)	14.2	7.1	Nov 16, 2025
Grand Conference<= 5.3.4 Cross Site Scripting (XSS)	14.2	7.1	Nov 6, 2025
CMSMasters Content Composer<= 1.4.5 Local File Inclusion	25.88	7.5	Jan 3, 2026
Gyan Elements<= 2.2.1 Local File Inclusion	11.25	7.5	Jan 2, 2026
SOHO - Photography WordPress Theme<= 3.0.3 Cross Site Scripting (XSS)	14.2	7.1	Nov 19, 2025
Oyster - Photography WordPress Theme<= 4.4.3 Cross Site Scripting (XSS)	14.2	7.1	Nov 19, 2025
PhotoMe<= 5.6.11 PHP Object Injection	39.2	9.8	Nov 18, 2025
Oxygen<= 6.0.8 Server Side Request Forgery (SSRF)	14.4	7.2	Nov 17, 2025
Gauge<= 6.56.4 Broken Access Control	15	7.5	Nov 15, 2025
Prague<= 2.2.8 Cross Site Scripting (XSS)	14.2	7.1	Nov 15, 2025
Aardvark Plugin<= 2.19 Broken Access Control	15	7.5	Nov 15, 2025
Aardvark<= 4.6.3 Cross Site Scripting (XSS)	14.2	7.1	Nov 15, 2025
Prowess<= 2.3 Local File Inclusion	11.25	7.5	Dec 26, 2025
Kentha Elementor Widgets< 3.1 Local File Inclusion	11.25	7.5	Dec 25, 2025
PeakShops<= 1.5.9 PHP Object Injection	13.2	8.8	Nov 14, 2025
PeakShops< 1.5.9 Local File Inclusion	32.4	8.1	Nov 14, 2025
Traveler< 3.2.8 SQL Injection	14.66	8.5	Dec 23, 2025
Grand Spa<= 3.5.5 Cross Site Scripting (XSS)	14.2	7.1	Nov 12, 2025
Grand Magazine<= 3.5.7 Cross Site Scripting (XSS)	14.2	7.1	Nov 12, 2025
Homey Core<= 2.4.3 Cross Site Scripting (XSS)	14.2	7.1	Nov 10, 2025
WorkScout-Core<= 1.7.06 Cross Site Scripting (XSS)	14.2	7.1	Nov 9, 2025
WorkScout<= 4.1.07 Cross Site Scripting (XSS)	14.2	7.1	Nov 9, 2025
Listivo Core<= 2.3.77 Local File Inclusion	32.4	8.1	Nov 9, 2025
MyHome Core<= 4.1.0 Local File Inclusion	30	7.5	Nov 8, 2025
Craft<= 2.3.6 Cross Site Scripting (XSS)	10.65	7.1	Nov 7, 2025
Grand Tour< 5.6.2 Cross Site Scripting (XSS)	32.66	7.1	Nov 6, 2025
DotLife< 4.9.5 Cross Site Scripting (XSS)	14.2	7.1	Nov 6, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending