Common Vulnerabilities

In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.

CVE ID:

CVE-2023-0503

WordPress Plugin

99fy-core <= 1.2.7

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0502

WordPress Plugin

wp-news-magazine <= 1.1.9

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0500

WordPress Plugin

wp-film-studio <= 1.3.4

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0499

WordPress Plugin

quickswish <= 1.0.9

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0498

WordPress Plugin

wp-education <= 1.2.6

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0497

WordPress Plugin

ht-portfolio <= 1.1.5

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0496

WordPress Plugin

ht-event <= 1.4.5

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0501

WordPress Plugin

wp-insurance <= 2.1.3

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0484

WordPress Plugin

ht-contactform <= 1.1.5

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.

CVE ID:

CVE-2023-0495

WordPress Plugin

ht-slider-for-elementor <= 1.3.9

Vulnerability Type:

Cross-Site Request Forgery (CSRF)

The plugin does not have Cross-Site Request Forgery (CSRF) check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a Cross-Site Request Forgery (CSRF) attack.