João Pedro S Alcântara (Kinorth)

Say thanks

22,161.91

XP

1,192

Reports

200

Reports, last 90 days

#1

3 Apr, 2026

🇧🇷

Lvl 12

Website

GitHub

Exploited

Affected software \| Vulnerability	AXP	Severity	Reported
Car Dealer<= 1.6.7 Cross Site Scripting (XSS)	14.2	7.1	29/12/2025
Golo< 1.7.5 Cross Site Scripting (XSS)	14.2	7.1	06/01/2026
Apicona<= 24.1.0 PHP Object Injection	17.6	8.8	30/12/2025
NaturaLife Extensions<= 2.1 Cross Site Scripting (XSS)	14.2	7.1	30/12/2025
NaturaLife Extensions<= 2.1 Local File Inclusion	32.4	8.1	30/12/2025
Vayvo< 6.8 Cross Site Scripting (XSS)	14.2	7.1	18/01/2026
Boutique< 2.4.6 Cross Site Scripting (XSS)	14.2	7.1	11/01/2026
Gaea< 3.8 Cross Site Scripting (XSS)	14.2	7.1	22/01/2026
Gyan Elements<= 2.2.1 Cross Site Scripting (XSS)	14.2	7.1	02/01/2026
KIDZ<= 5.24 PHP Object Injection	39.2	9.8	07/01/2026
Ricky< 2.31 PHP Object Injection	29.4	9.8	08/01/2026
Tasty Daily< 1.27 PHP Object Injection	29.4	9.8	08/01/2026
Goldish< 3.47 PHP Object Injection	39.2	9.8	08/01/2026
Motta Addons< 1.6.1 Cross Site Scripting (XSS)	14.2	7.1	09/01/2026
Kunco< 1.4.5 Local File Inclusion	74.52	8.1	30/01/2026
Phox Hosting<= 2.0.8 Cross Site Scripting (XSS)	14.2	7.1	26/12/2025
Kentha<= 4.7.2 Cross Site Scripting (XSS)	14.2	7.1	24/12/2025
XStore Core<= 5.6.4 Cross Site Scripting (XSS)	97.98	7.1	20/12/2025
Penci Soledad Data Migrator<= 1.3.1 Cross Site Scripting (XSS)	42.6	7.1	13/12/2025
tagDiv Composer<= 5.4.2 Cross Site Scripting (XSS)	56.8	7.1	09/12/2025
Wolverine Framework<= 1.9 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Darna Framework<= 2.9 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Zorka<= 1.5.7 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Legacy Admin<= 9.5 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Ultra WordPress Admin<= 11.7 Cross Site Scripting (XSS)	14.2	7.1	09/12/2025
Handmade Framework<= 3.9 Cross Site Scripting (XSS)	14.2	7.1	08/12/2025
Lisfinity Core<= 1.5.0 SQL Injection	37.2	9.3	07/12/2025
DeepDigital<= 1.0.2 Cross Site Scripting (XSS)	14.2	7.1	05/12/2025
BuddyApp<= 1.9.2 Cross Site Scripting (XSS)	14.2	7.1	05/12/2025
EventON<= 4.9.12 Cross Site Scripting (XSS)	48.99	7.1	29/09/2025
Ultimate Addons for WPBakery Page Builder< 3.21.1 Broken Access Control	44.85	6.5	29/09/2025
Medilazar Core< 1.4.7 Local File Inclusion	11.25	7.5	29/01/2026
Porto<= 7.6.2 Cross Site Scripting (XSS)	56.8	7.1	11/09/2025
UberSlider Ultra<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
UberSlider PerpetuumMobile<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
UberSlider MouseInteraction<= 2.3 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
UberSlider Classic<= 2.5 Cross Site Scripting (XSS)	14.2	7.1	30/08/2025
LBG Zoominoutslider<= 5.4.5 Cross Site Scripting (XSS)	14.2	7.1	29/08/2025
LambertGroup - AllInOne - Banner with Thumbnails<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	26/08/2025
LambertGroup - AllInOne - Content Slider<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	26/08/2025
LambertGroup - AllInOne - Banner with Playlist<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	25/08/2025
AllInOne - Banner Rotator<= 3.8 Cross Site Scripting (XSS)	14.2	7.1	25/08/2025
WP Attractive Donations System - Easy Stripe & Paypal donations<= 1.25 SQL Injection	37.2	9.3	21/08/2025
Lawyer Directory<= 1.3.2 Cross Site Scripting (XSS)	14.2	7.1	11/08/2025
Tribe<= 1.7.3 Local File Inclusion	32.4	8.1	03/12/2025
Alchemists<= 4.6.0 Local File Inclusion	32.4	8.1	03/12/2025
Riode Core<= 1.6.26 SQL Injection	37.2	9.3	01/12/2025
Molla<= 1.5.16 Local File Inclusion	32.4	8.1	01/12/2025
Wolmart<= 1.9.6 Local File Inclusion	32.4	8.1	30/11/2025
The Issue<= 1.6.11 Local File Inclusion	32.4	8.1	29/11/2025
Starto<= 2.1.9 Cross Site Scripting (XSS)	10.65	7.1	26/11/2025
Grand News<= 3.4.3 Cross Site Scripting (XSS)	14.2	7.1	26/11/2025
Architecturer<= 3.8.8 Cross Site Scripting (XSS)	14.2	7.1	26/11/2025
Awa Plugins<= 1.4.4 Cross Site Scripting (XSS)	14.2	7.1	26/11/2025
Musico<= 3.2.4 Cross Site Scripting (XSS)	14.2	7.1	24/11/2025
Celeste<= 1.3.6 PHP Object Injection	32.4	8.1	24/11/2025
Gecko<= 1.9.8 Cross Site Scripting (XSS)	14.2	7.1	22/11/2025
Claue - Clean, Minimal Elementor WooCommerce Theme<= 2.2.7 Cross Site Scripting (XSS)	14.2	7.1	22/11/2025
Aora<= 1.3.15 Local File Inclusion	32.4	8.1	20/11/2025
Metro<= 2.13 Cross Site Scripting (XSS)	14.2	7.1	19/11/2025
Metro<= 2.13 Local File Inclusion	32.4	8.1	19/11/2025
Sweet Date< 4.0.1 PHP Object Injection	90.16	9.8	30/10/2025
Boldman<= 7.7 Local File Inclusion	11.25	7.5	21/01/2026
Greenly Theme Addons< 8.2 Local File Inclusion	11.25	7.5	20/01/2026
Greenly<= 8.1 Local File Inclusion	11.25	7.5	20/01/2026
Valenti<= 5.6.3.5 PHP Object Injection	13.2	8.8	21/10/2025
Grand Restaurant<= 7.0.10 PHP Object Injection	90.16	9.8	18/10/2025
Wolmart Core<= 1.9.6 SQL Injection	37.2	9.3	30/11/2025
Applay - Shortcodes<= 3.7 PHP Object Injection	14.7	9.8	30/11/2025
Medilink-Core< 2.0.7 Local File Inclusion	11.25	7.5	17/01/2026
CitiLights< 3.7.2 Broken Access Control	10.6	5.3	17/01/2026
Turbo Manager< 4.0.8 Local File Inclusion	11.25	7.5	17/01/2026
Nika<= 1.2.14 Local File Inclusion	24.3	8.1	29/11/2025
Diza<= 1.3.15 Local File Inclusion	24.3	8.1	28/11/2025
Fana<= 1.1.35 Local File Inclusion	24.3	8.1	28/11/2025
Zota<= 1.3.14 Local File Inclusion	24.3	8.1	27/11/2025
Diamond<= 2.4.8 Cross Site Scripting (XSS)	14.2	7.1	27/11/2025
Whizz Plugins<= 1.9 Cross Site Scripting (XSS)	14.2	7.1	26/11/2025
Travelicious< 1.6.7 PHP Object Injection	39.2	9.8	25/11/2025
Nestin< 1.2.6 PHP Object Injection	39.2	9.8	25/11/2025
PatioTime< 2.1 PHP Object Injection	90.16	9.8	25/11/2025
PatioTime< 2.1 Local File Inclusion	74.52	8.1	24/11/2025
CozyStay< 1.9.1 Local File Inclusion	74.52	8.1	22/11/2025
Golo< 1.7.5 Broken Access Control	10.6	5.3	06/01/2026
Golo< 1.7.5 Local File Inclusion	11.25	7.5	06/01/2026
VidoRev<= 2.9.9.9.9.9.7 Local File Inclusion	30	7.5	20/11/2025
Urna<= 2.5.12 Local File Inclusion	32.4	8.1	20/11/2025
Besa<= 2.3.15 Local File Inclusion	32.4	8.1	20/11/2025
Hara<= 1.2.17 Local File Inclusion	32.4	8.1	20/11/2025
Unicamp<= 2.7.1 Local File Inclusion	11.25	7.5	05/01/2026
PhotoMe<= 5.7.1 Cross Site Scripting (XSS)	14.2	7.1	18/11/2025
Reflector<= 1.2.2 Cross Site Scripting (XSS)	14.2	7.1	16/11/2025
Grand Conference<= 5.3.4 Cross Site Scripting (XSS)	14.2	7.1	06/11/2025
CMSMasters Content Composer<= 1.4.5 Local File Inclusion	25.88	7.5	03/01/2026
Gyan Elements<= 2.2.1 Local File Inclusion	11.25	7.5	02/01/2026
SOHO - Photography WordPress Theme<= 3.0.3 Cross Site Scripting (XSS)	14.2	7.1	19/11/2025
Oyster - Photography WordPress Theme<= 4.4.3 Cross Site Scripting (XSS)	14.2	7.1	19/11/2025
PhotoMe<= 5.6.11 PHP Object Injection	39.2	9.8	18/11/2025
Oxygen<= 6.0.8 Server Side Request Forgery (SSRF)	14.4	7.2	17/11/2025
Gauge<= 6.56.4 Broken Access Control	15	7.5	15/11/2025

Report vulnerabilities to earn bounties and rewards!

Include pending