Lucio Sá

All Time Ranking: 19
All Time Discoveries: 348
90 Day Published Submissions: 0
Last Published Submission: 27 Aug '25
Resourceful Researcher: January 16, 2026
Submitted LFI Vulnerability: September 30, 2025
Submitted SQLi Vulnerability: July 30, 2025
Submitted 300 Vulnerabilities: March 6, 2025
Submitted XSS Vulnerability: September 4, 2024
Submitted 200 Vulnerabilities: August 22, 2024
Submitted 100 Vulnerabilities: April 24, 2024
Submitted 75 Vulnerabilities: March 19, 2024
Submitted 50 Vulnerabilities: March 6, 2024
Submitted 25 Vulnerabilities: February 12, 2024
Submitted 10 Vulnerabilities: January 17, 2024
Submitted 5 Vulnerabilities: January 2, 2024
Submitted 1 Vulnerability: December 19, 2023

Showing 1-20 of 348 Vulnerabilities

| Title | CVE ID | CVSS | Vector | Date |
| --- | --- | --- | --- | --- |
| LiquidThemes Themes <= Various Versions - Missing Authorization to Authenticated (Subscriber+) All Plugins Deactivated | CVE-2025-0951 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | August 27, 2025 |
| School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection | CVE-2024-12612 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | August 15, 2025 |
| DWT - Directory & Listing WordPress Theme <= 3.3.6 - Unauthenticated Arbitrary User Password Reset | CVE-2024-12827 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | June 26, 2025 |
| Wolmart \| Multi-Vendor Marketplace WooCommerce Theme <= 1.8.11 - Unauthenticated Arbitrary Shortcode Execution in wolmart_loadmore | CVE-2024-13793 | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | May 7, 2025 |
| Motors - Car Dealer, Rental & Listing WordPress theme <= 5.6.65 - Unauthenticated Arbitrary Shortcode Execution | CVE-2024-13738 | 7.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L | May 2, 2025 |
| Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Settings Updates | CVE-2024-13420 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | May 1, 2025 |
| Smart Framework <= Multiple Plugins - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | CVE-2024-13419 | 6.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N | May 1, 2025 |
| Smart Framework <= Multiple Plugins - Authenticated (Subscriber+) Arbitrary File Upload | CVE-2024-13418 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | May 1, 2025 |
| Anps Theme plugin <= 1.1.1 - Unauthenticated Arbitrary Shortcode Execution | CVE-2024-13812 | 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N | April 25, 2025 |
| Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates | CVE-2024-13307 | 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N | April 23, 2025 |
| Woocommerce Automatic Order Printing \| ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure | CVE-2025-1284 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | April 23, 2025 |
| ZoomSounds - WordPress Wave Audio Player with Playlist <= 6.91 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update and Settings Manipulation | CVE-2024-13776 | 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | April 4, 2025 |
| SMS Alert Order Notifications – WooCommerce <= 3.7.9 - Unauthenticated Account Takeover/Privilege Escalation | CVE-2024-13553 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | March 31, 2025 |
| BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update | CVE-2024-13801 | 8.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H | March 25, 2025 |
| FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Missing Authorization in Multiple Functions | CVE-2024-12920 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | March 18, 2025 |
| CozyStay <= 1.7.0 - Missing Authorization to Arbitrary Action Execution in ajax_handler | CVE-2024-13412 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N | March 18, 2025 |
| MinimogWP – The High Converting eCommerce WordPress Theme <= 3.7.0 - Unauthenticated Local PHP File Inclusion | CVE-2024-13790 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | March 18, 2025 |
| FoodBakery \| Delivery Restaurant Directory WordPress Theme <= 4.7 - Cross-Site Request Forgery in Multiple Functions | CVE-2024-13933 | 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | March 18, 2025 |
| CozyStay <= 1.7.0 and TinySalt <= 3.9.0 - Unauthenticated PHP Object Injection in ajax_handler | CVE-2024-13410 | 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | March 18, 2025 |
| Zegen - Church WordPress Theme <= 1.1.9 - Missing Authorization to Authenticated (Subscriber+) Theme Options Updates | CVE-2025-2289 | 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | March 13, 2025 |
