🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Lucio Sá

Lucio Sá

All Time Ranking

126

All Time Discoveries

8 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 61-80 of 126 Vulnerabilities

Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

5.3

CVE-2024-1732

Apr 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass

5.3

CVE-2024-1181

Mar 19, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update

5.3

CVE-2024-1733

Mar 15, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration

5.3

CVE-2024-1640

Mar 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass

5.3

CVE-2024-1321

Mar 8, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass

5.3

CVE-2024-1136

Feb 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication

5.3

CVE-2024-1368

Feb 27, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export

5.3

CVE-2024-1686

Feb 26, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval

5.3

CVE-2024-1126

Feb 14, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return

5.3

CVE-2024-1389

Feb 13, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change

5.3

CVE-2024-1322

Feb 12, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval

5.3

CVE-2024-1079

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import

5.3

CVE-2024-1110

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export

5.3

CVE-2024-1109

Feb 6, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass

5.3

CVE-2023-6963

Jan 17, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery

5.3

CVE-2023-6984

Jan 2, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Database Reset <= 3.22 - Cross-Site Request Forgery to WP Reset Plugin Installation

4.7

CVE-2024-1501

Feb 20, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization

4.3

CVE-2024-3609

May 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery

4.3

CVE-2024-1467

May 8, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication

4.3

CVE-2024-3206

Apr 29, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion	CVE-2024-1732	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 1, 2024
Coming Soon, Under Construction & Maintenance Mode By Dazzler <= 2.1.2 - Maintenance Mode Bypass	CVE-2024-1181	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	March 19, 2024
Word Replacer Pro <= 1.0 - Missing Authorization to Unauthenticated Arbitrary Content Update	CVE-2024-1733	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 15, 2024
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form <= 2.10.1 - Unauthenticated Insecure Direct Object Reference to Form Submission Alteration	CVE-2024-1640	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 13, 2024
EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass	CVE-2024-1321	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	March 8, 2024
Coming Soon Page & Maintenance Mode <= 2.2.1 - Maintenance Mode Bypass	CVE-2024-1136	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 27, 2024
Page Duplicator <= 0.1.1 - Missing Authorization to Unauthenticated Post/Page Duplication	CVE-2024-1368	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 27, 2024
Thank You Page Customizer for WooCommerce – Increase Your Sales <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Data Export	CVE-2024-1686	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 26, 2024
EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval	CVE-2024-1126	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 14, 2024
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction <= 2.11.1 - Missing Authorization via pms_stripe_connect_handle_authorization_return	CVE-2024-1389	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 13, 2024
Directorist <= 7.8.4 - Missing Authorization to Unauthenticated Settings Change	CVE-2024-1322	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 12, 2024
Quiz Maker <= 6.5.2.4 - Missing Authorization to Unauthenticated Quiz Data Retrieval	CVE-2024-1079	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 6, 2024
Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Settings Import	CVE-2024-1110	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	February 6, 2024
Podlove Podcast Publisher <= 4.0.11 - Missing Authorization to Unauthenticated Data Export	CVE-2024-1109	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	February 6, 2024
Getwid – Gutenberg Blocks <= 2.0.4 - Captcha Bypass	CVE-2023-6963	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 17, 2024
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) <= 2.7.13 - Cross-Site Request Forgery	CVE-2023-6984	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	January 2, 2024
Database Reset <= 3.22 - Cross-Site Request Forgery to WP Reset Plugin Installation	CVE-2024-1501	4.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N	February 20, 2024
ReviewX – Multi-criteria Rating & Reviews for WooCommerce <= 1.6.27 - Missing Authorization	CVE-2024-3609	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 16, 2024
Starter Templates — Elementor, WordPress & Beaver Builder Templates <= 4.1.6 - Authenticated (Contributor+) Server-Side Request Forgery	CVE-2024-1467	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	May 8, 2024
Different Menu in Different Pages – Control Menu Visibility (All in One) <= 2.3.2 - Missing Authorization to Menu Duplication	CVE-2024-3206	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 29, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation