Common Vulnerabilities
In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.
CVE ID:
CVE-2023-0589
WordPress Plugin
wp-image-carousel <= 1.0.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-19
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2020-36656
WordPress Plugin
ultimate-addons-for-gutenberg <= 1.14.11
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-18
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0220
WordPress Plugin
booking-system <= 2.9.9.2.8
Vulnerability Type:
SQL Injection
Date:
2023-01-11
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-23726
WordPress Plugin
tickera-event-ticketing-system <= 3.5.1.0
Vulnerability Type:
Cross-Site Request Forgery (CSRF), Missing Authorization
Date:
2023-01-11
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) checks when updating a post status, which could allow any authenticated user, such as a subscriber, to update arbitrary post statuses.
CVE ID:
CVE-2023-23714
WordPress Plugin
uncanny-learndash-toolkit <= 3.6.4.1
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-11
The plugin does not have a Cross-Site Request Forgery (CSRF) check when installing plugins, which could allow attackers to make logged-in admins install and activate arbitrary plugins from the wordpress.org repository via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0535
WordPress Plugin
donations-block <= 2.0.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0559
WordPress Plugin
gs-envato-portfolio <= 1.3.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0541
WordPress Plugin
gs-books-showcase <= 1.3.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0540
WordPress Plugin
gs-portfolio <= 1.6.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0539
WordPress Plugin
gs-instagram-portfolio <= 1.4.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0492
WordPress Plugin
gs-woocommerce-products-slider <= 1.5.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0491
WordPress Plugin
schedulicity-online-appointment-booking <= 2.21
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0538
WordPress Plugin
campaign-url-builder <= 1.8.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0542
WordPress Plugin
custom-post-type-list-shortcode <= 1.4.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0490
WordPress Plugin
fx-toc <= 1.1.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0495
WordPress Plugin
ht-slider-for-elementor <= 1.3.9
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0484
WordPress Plugin
ht-contactform <= 1.1.5
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0501
WordPress Plugin
wp-insurance <= 2.1.3
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0496
WordPress Plugin
ht-event <= 1.4.5
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0497
WordPress Plugin
ht-portfolio <= 1.1.5
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0498
WordPress Plugin
wp-education <= 1.2.6
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0499
WordPress Plugin
quickswish <= 1.0.9
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0500
WordPress Plugin
wp-film-studio <= 1.3.4
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0502
WordPress Plugin
wp-news-magazine <= 1.1.9
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0503
WordPress Plugin
99fy-core <= 1.2.7
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.