João Pedro S Alcântara (Kinorth)

Say thanks

13138.07

XP

847

Reports

93

Reports, last 90 days

#2

17 Nov, 2025

Lvl 10

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Rey Core<= 3.1.8 Cross Site Scripting (XSS)	4.88	6.5	No date
Ohio Extra<= 3.6.0 Cross Site Scripting (XSS)	8.41	6.5	No date
SmartMag<= 10.3.0 Local File Inclusion	11.25	7.5	No date
SmartMag<= 10.3.1 Cross Site Scripting (XSS)	9.75	6.5	No date
Masterstudy< 4.8.126 Local File Inclusion	11.25	7.5	No date
K Elements< 5.5.0 Cross Site Scripting (XSS)	8.41	6.5	No date
Kleo< 5.5.0 Local File Inclusion	19.41	7.5	No date
Jannah - Extensions<= 1.1.4 Cross Site Scripting (XSS)	4.88	6.5	No date
Consulting Elementor Widgets<= 1.4.2 Cross Site Scripting (XSS)	9.75	6.5	No date
Consulting Elementor Widgets<= 1.4.2 Local File Inclusion	22.5	7.5	No date
Consulting< 6.7.5 Local File Inclusion	22.5	7.5	No date
Sahifa< 5.8.6 Cross Site Scripting (XSS)	9.75	6.5	No date
wpresidence<= 5.3.2 Broken Access Control	48.76	5.3	No date
Easy Social Share Buttons< 10.7.1 Cross Site Scripting (XSS)	28.4	7.1	Sep 26, 2025
Rehub< 19.9.9.1 Cross Site Scripting (XSS)	9.75	6.5	No date
Eduma<= 5.7.6 Local File Inclusion	22.5	7.5	No date
Eduma<= 5.7.6 Cross Site Scripting (XSS)	9.75	6.5	No date
Houzez Theme - Functionality< 4.2.0 Cross Site Scripting (XSS)	48.99	7.1	Sep 16, 2025
Houzez Theme - Functionality< 4.2.0 Cross Site Scripting (XSS)	16.82	6.5	No date
Houzez Theme - Functionality<= 4.1.8 Local File Inclusion	38.81	7.5	No date
UDesign Core<= 4.14.1 Cross Site Scripting (XSS)	14.63	6.5	No date
TheGem Theme Elements (for WPBakery)<= 5.10.5.1 Cross Site Scripting (XSS)	14.63	6.5	No date
tagDiv Cloud Library< 3.9.2 Cross Site Scripting (XSS)	4.88	6.5	No date
tagDiv Composer<= 5.4.1 Cross Site Scripting (XSS)	9.75	6.5	No date
Salient< 17.4.0 Broken Access Control	19.78	4.3	No date
Houzez< 4.2.0 Local File Inclusion	111.78	8.1	Sep 16, 2025
WoodMart< 8.3.2 Local File Inclusion	77.63	7.5	No date
Penci Bookmark & Follow< 2.4 Cross Site Scripting (XSS)	14.2	7.1	Sep 14, 2025
TheGem Demo Import (for WPBakery)<= 5.10.5 Arbitrary Content Deletion	19.5	6.5	Sep 13, 2025
TheGem Theme Elements (for WPBakery)<= 5.10.5.1 Local File Inclusion	97.2	8.1	Sep 13, 2025
TheGem (Elementor)<= 5.10.5.1 Cross Site Scripting (XSS)	42.6	7.1	Sep 12, 2025
WoodMart< 8.3.2 Cross Site Scripting (XSS)	33.64	6.5	No date
tagDiv Composer<= 5.4.1 Cross Site Scripting (XSS)	28.4	7.1	Sep 9, 2025
Fusion Builder<= 3.13.2 Cross Site Scripting (XSS)	34.13	6.5	No date
NEX-Forms LITE< 8.2 Cross Site Scripting (XSS)	10.65	7.1	Sep 1, 2025
CF7 Auto Responder Addon<= 2.4 Cross Site Scripting (XSS)	7.1	7.1	Aug 31, 2025
WP Subscription Forms PRO<= 2.0.5 Arbitrary Content Deletion	N/A	4.3	Jun 7, 2025
WP Virtual Assistant<= 3.0 Broken Access Control	7.95	5.3	Aug 22, 2025
Subscribe To Unlock<= 1.1.5 Local File Inclusion	8.44	7.5	Jun 6, 2025
Subscribe To Unlock<= 1.1.5 Broken Access Control	3.23	4.3	Jun 6, 2025
Subscribe to Download<= 2.0.9 Local File Inclusion	8.44	7.5	Jun 5, 2025
Subscribe to Download<= 2.0.9 Broken Access Control	3.23	4.3	Jun 5, 2025
AllInOne - Banner Rotator<= 3.8 SQL Injection	12.75	8.5	Aug 24, 2025
LambertGroup - AllInOne - Content Slider<= 3.8 SQL Injection	12.75	8.5	Aug 26, 2025
LambertGroup - AllInOne - Banner with Thumbnails<= 3.8 SQL Injection	12.75	8.5	Aug 26, 2025
LambertGroup - AllInOne - Banner with Playlist<= 3.8 SQL Injection	12.75	8.5	Aug 25, 2025
Directory Pro<= 2.5.5 Cross Site Scripting (XSS)	4.88	6.5	Jul 18, 2025
Accordion FAQ<= 2.2.1 Local File Inclusion	11.25	7.5	Jul 29, 2025
Penci Filter Everything< 1.7 Cross Site Scripting (XSS)	14.63	6.5	Sep 14, 2025
Penci Podcast<= 1.6 Cross Site Scripting (XSS)	14.63	6.5	Sep 14, 2025
Penci Recipe<= 4.0 Cross Site Scripting (XSS)	14.63	6.5	Sep 14, 2025
Penci Portfolio<= 3.5 Cross Site Scripting (XSS)	14.63	6.5	Sep 14, 2025
Penci Shortcodes & Performance< 6.1 Cross Site Scripting (XSS)	14.63	6.5	Sep 14, 2025
Soledad<= 8.6.8 Local File Inclusion	33.75	7.5	Sep 13, 2025
Soledad<= 8.6.8 Cross Site Scripting (XSS)	14.63	6.5	Sep 13, 2025
WooCommerce Orders & Customers Exporter<= 5.4 Broken Access Control	3.25	6.5	Aug 20, 2025
WhatsApp Chat for WordPress and WooCommerce<= 1.2.1 Cross Site Scripting (XSS)	7.1	7.1	Aug 19, 2025
Grid Plus<= 3.3 Cross Site Scripting (XSS)	10.65	7.1	Aug 14, 2025
Woocommerce Envato Affiliates<= 1.2.1 Cross Site Scripting (XSS)	7.1	7.1	Aug 12, 2025
Institutions Directory<= 1.3.3 Cross Site Scripting (XSS)	7.1	7.1	Jul 31, 2025
Hello Followers<= 2.5 Cross Site Scripting (XSS)	7.1	7.1	Jul 31, 2025
Epic Review<= 1.0.2 Cross Site Scripting (XSS)	7.1	7.1	Jul 31, 2025
Accordion FAQ<= 2.2.1 Cross Site Scripting (XSS)	10.65	7.1	Jul 29, 2025
Premium Age Verification / Restriction for WordPress<= 3.0.2 Arbitrary File Upload	45	10	Jun 23, 2025
Global DNS<= 3.1.0 Remote Code Execution (RCE)	30	10	Jul 24, 2025
IDonatePro<= 2.1.11 Broken Access Control	7.5	7.5	Jul 23, 2025
IDonatePro<= 2.1.9 Broken Access Control	7.5	7.5	Jul 22, 2025
Portfolio Manager Pro3.8 PHP Object Injection	29.4	9.8	Jun 20, 2025
PressApps Knowledge Base Contextual Sidebar Addon<= 4.2.1 PHP Object Injection	19.6	9.8	Jun 30, 2025
Portfolio Manager Pro3.8 Arbitrary File Upload	45	10	Jun 20, 2025
Support Ticket<= 1.9 Privilege Escalation	29.4	9.8	Jun 12, 2025
Simple Business Directory Pro< 15.6.9 Privilege Escalation	29.4	9.8	Jun 10, 2025
IDonatePro<= 2.1.9 Sensitive Data Exposure	3.25	6.5	Jul 18, 2025
Directory Pro<= 2.5.5 Cross Site Scripting (XSS)	14.2	7.1	Jul 16, 2025
WP Membership<= 1.6.3 Settings Change	5.4	5.4	Jul 11, 2025
Multimedia Playlist Slider Addon for WPBakery Page Builder<= 2.1 Cross Site Scripting (XSS)	7.1	7.1	Jun 13, 2025
smart SEO<= 4.0 Privilege Escalation	22.05	9.8	Jun 29, 2025
Premium SEO Pack<= 3.3.2 Privilege Escalation	26.4	8.8	Jun 25, 2025
Simple Business Directory Pro<= 15.5.1 Cross Site Scripting (XSS)	7.1	7.1	Jun 9, 2025
Universal Video Player - Addon for WPBakery Page Builder<= 3.2.1 Cross Site Scripting (XSS)	10.65	7.1	Jun 13, 2025
Apollo - Sticky Full Width HTML5 Audio Player<= 3.4 Cross Site Scripting (XSS)	10.65	7.1	Jun 12, 2025
SHOUT - HTML5 Radio Player With Ads - ShoutCast and IceCast Support<= 3.5.4 Cross Site Scripting (XSS)	7.1	7.1	Jun 12, 2025
Revolution Video Player With Bottom Playlist<= 2.9.2 Cross Site Scripting (XSS)	7.1	7.1	Jun 11, 2025
Radio Player Shoutcast & Icecast<= 4.4.7 Cross Site Scripting (XSS)	14.2	7.1	Jun 11, 2025
Simple Link Directory< 14.8.1 Cross Site Scripting (XSS)	10.65	7.1	Jun 11, 2025
KBx Pro Ultimate<= 8.0.5 PHP Object Injection	19.6	9.8	Jun 15, 2025
Ultra Portfolio<= 6.7 Cross Site Scripting (XSS)	10.65	7.1	Jun 13, 2025
Support Ticket<= 1.9 Cross Site Scripting (XSS)	7.1	7.1	Jun 12, 2025
ShareBang, Ultimate Social Share Buttons for WordPress<= 1.4 Cross Site Scripting (XSS)	7.1	7.1	Jun 11, 2025
Simple Link Directory< 14.8.1 Broken Authentication	101.43	9.8	Jun 11, 2025
Subscribe to Download<= 2.0.9 PHP Object Injection	29.4	9.8	Jun 4, 2025
Photo Express for Google<= 0.3.2 Cross Site Scripting (XSS)	7.1	7.1	May 3, 2025
WidgetKit<= 2.5.4 Cross Site Scripting (XSS)	4.88	6.5	Sep 27, 2024
The Plus Addons for Elementor Page Builder Lite<= 6.2.7 Cross Site Scripting (XSS)	39	6.5	Mar 28, 2025
Download Monitor<= 5.0.22 Local File Inclusion	58.22	7.5	Mar 31, 2025
Royal Elementor Addons<= 1.7.1017 Cross Site Scripting (XSS)	58.5	6.5	Mar 28, 2025
Sky Addons for Elementor<= 3.0.1 Cross Site Scripting (XSS)	5.61	6.5	Nov 8, 2024
Travelfic Toolkit<= 1.2.1 Cross Site Scripting (XSS)	9.75	6.5	Mar 28, 2025
Feedify – Web Push Notifications<= 2.4.5 Cross Site Scripting (XSS)	14.2	7.1	Nov 30, 2024
Run Contests, Raffles, and Giveaways with ContestsWP<= 2.0.6 Cross Site Scripting (XSS)	14.2	7.1	Jan 31, 2025

Report vulnerabilities to earn bounties and rewards!

Include pending