🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Wordfence Intelligence > Vulnerability Researchers > Lucio Sá

Lucio Sá

All Time Ranking

110

All Time Discoveries

8 Achievements

Learn more about Achievements

Learn more Learn more about Achievements

Showing 1-20 of 110 Vulnerabilities

PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

4.3

CVE-2024-3607

Apr 24, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion

5.3

CVE-2024-3893

Apr 24, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update

8.8

CVE-2024-3895

Apr 23, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation

4.3

CVE-2024-0900

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting

4.3

CVE-2024-3664

Apr 22, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

MaxGalleria <= 6.4.2 - Missing Authorization

4.3

CVE-2024-3581

Apr 19, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store

4.3

CVE-2023-7067

Apr 18, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure

4.3

CVE-2023-6731

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization

4.3

CVE-2024-3606

Apr 16, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization

4.3

CVE-2024-3520

Apr 15, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings

6.4

CVE-2024-1041

Apr 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions

6.4

CVE-2024-1042

Apr 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF)

8.5

CVE-2023-6964

Apr 9, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification

4.3

CVE-2024-1994

Apr 5, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection

8.8

CVE-2024-3217

Apr 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure

4.3

CVE-2024-1387

Apr 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Watu Quiz <= 3.4.1 - Sensitive Information Disclosure

4.3

CVE-2024-0872

Apr 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

ARMember <= 4.0.27 - Directory Traversal via X-FILENAME

5.3

CVE ID Unknown

Apr 4, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2024-0873

Apr 4, 2024

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address

4.3

CVE-2024-1504

Apr 1, 2024

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Title	CVE ID	CVSS	Vector	Date
PropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion	CVE-2024-3607	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	April 24, 2024
Classified Listing – Classified ads & Business Directory Plugin <= 3.0.10.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Attachment Deletion	CVE-2024-3893	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 24, 2024
WP Datepicker <= 2.1.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update	CVE-2024-3895	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 23, 2024
Elespare – Build Your Blog, News & Magazine Websites with Expert-Designed Template Kits. One Click Import: No Coding Skills Required! <= 2.1.2 - Missing Authorization to Subscriber+ Arbitrary Post Creation	CVE-2024-0900	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 22, 2024
Quick Featured Images <= 13.7.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Thumbnail Deletion/Setting	CVE-2024-3664	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 22, 2024
MaxGalleria <= 6.4.2 - Missing Authorization	CVE-2024-3581	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 19, 2024
ShopLentor <= 2.8.1 - Improper Authorization via woolentor_template_store	CVE-2023-7067	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 18, 2024
WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure	CVE-2023-6731	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 16, 2024
ProfileGrid – User Profiles, Memberships, Groups and Communities <= 5.8.3 - Missing Authorization	CVE-2024-3606	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 16, 2024
Country State City Dropdown CF7 <= 2.7.1 - Missing Authorization	CVE-2024-3520	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 15, 2024
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Authenticated(Subscriber+) Stored Cross-Site Scripting via Settings	CVE-2024-1041	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 9, 2024
WP Radio – Worldwide Online Radio Stations Directory for WordPress <= 3.1.9 - Missing Authorization via multiple AJAX actions	CVE-2024-1042	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 9, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.1.26 - Authenticated(Contributor+) Server-Side Request Forgery (SSRF)	CVE-2023-6964	8.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N	April 9, 2024
Image Watermark <= 1.7.3 - Missing Authorization to Authenticated (Subscriber+) Watermark Modification	CVE-2024-1994	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	April 5, 2024
WP Directory Kit <= 1.3.0 - Authenticated (Subscriber+) SQL Injection	CVE-2024-3217	8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	April 4, 2024
Happy Addons for Elementor <= 3.10.4 - Incorrect Authorization to Information Exposure	CVE-2024-1387	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 4, 2024
Watu Quiz <= 3.4.1 - Sensitive Information Disclosure	CVE-2024-0872	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N	April 4, 2024
ARMember <= 4.0.27 - Directory Traversal via X-FILENAME		5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N	April 4, 2024
Watu Quiz <= 3.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2024-0873	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	April 4, 2024
SecuPress Free — WordPress Security <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address	CVE-2024-1504	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	April 1, 2024

Share this researcher's vulnerability discoveries

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation