Common Vulnerabilities
In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.
CVE ID:
CVE-2023-0504
WordPress Plugin
wp-politic <= 2.3.7
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0505
WordPress Plugin
ever-compare <= 1.2.3
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-10
The plugin does not have a Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-0336
WordPress Plugin
ooohboi-steroids-for-elementor <= 2.1.4
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Missing Authorization
Date:
2023-01-10
The plugin has Cross-Site Request Forgery (CSRF) and broken access control vulnerabilities, which allow users with a role as low as subscriber to delete attachments.
CVE ID:
CVE-2023-0335
WordPress Plugin
wp-shamsi <= 4.3.3
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Missing Authorization
Date:
2023-01-10
The plugin has Cross-Site Request Forgery (CSRF) and broken access control vulnerabilities, which allow users with a role as low as subscriber to delete attachments.
CVE ID:
CVE-2023-0536
WordPress Plugin
wp-d3 <= 2.4.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0537
WordPress Plugin
product-slider-for-woocommerce-lite <= 1.1.7
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0489
WordPress Plugin
slideonline <= 1.2.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-10
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0365
WordPress Plugin
react-webcam <= 1.2.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0364
WordPress Plugin
real-kit <= 5.1.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0363
WordPress Plugin
scheduled-announcements-widget <= 0.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0419
WordPress Plugin
shortcode-for-font-awesome <= 1.3.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0362
WordPress Plugin
themify-portfolio-post <= 1.2.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0405
WordPress Plugin
gpt3-ai-content-generator <= 1.4.37
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Missing Authorization
Date:
2023-01-09
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) checks when updating post content, which could allow any authenticated user, such as a subscriber, to update arbitrary post content.
CVE ID:
CVE-2023-0259
WordPress Plugin
wp-google-places-review-slider <= 11.7
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0260
WordPress Plugin
wp-facebook-reviews <= 12.1
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0261
WordPress Plugin
wp-tripadvisor-review-slider <= 10.7
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0262
WordPress Plugin
wp-airbnb-review-slider <= 3.2
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-0263
WordPress Plugin
wp-yelp-review-slider <= 7.0
Vulnerability Type:
SQL Injection
Date:
2023-01-09
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.
CVE ID:
CVE-2023-24377
WordPress Plugin
ecwid-shopping-cart <= 6.11.3
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-09
The plugin does not have a Cross-Site Request Forgery (CSRF) check when importing WooCommerce data, which could allow attackers to make logged-in admins perform this action via a Cross-Site Request Forgery (CSRF) attack.
CVE ID:
CVE-2023-25791
WordPress Plugin
fontiran <= 2.1
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Missing Authorization
Date:
2023-01-09
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) checks when deleting a font, which could allow any authenticated user, such as a subscriber, to delete an arbitrary font.
CVE ID:
CVE-2023-28417
WordPress Plugin
integration-dynamics <= 1.3.12
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Missing Authorization
Date:
2023-01-09
The plugin does not have an authorisation check when updating the log level or downloading the log via an AJAX action, which could allow any authenticated user, such as a subscriber, to call it and update the log level and download the log.
CVE ID:
CVE-2023-0418
WordPress Plugin
video-central <= 1.3.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-09
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0372
WordPress Plugin
embedstories <= 0.7.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0371
WordPress Plugin
embedalbum-pro <= 1.1.27
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0370
WordPress Plugin
wpb-advanced-faq <= 1.0.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.