Common Vulnerabilities
In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.
CVE ID:
CVE-2023-0369
WordPress Plugin
gotowp <= 5.1.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0399
WordPress Plugin
image-over-image-vc-extension <= 3.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0366
WordPress Plugin
loan-comparison <= 1.5.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0153
WordPress Plugin
vimeo-video-autoplay-automute <= 1.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0151
WordPress Plugin
utubevideo-gallery <= 2.0.7
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0150
WordPress Plugin
cloak-front-end-email <= 1.9.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0149
WordPress Plugin
wordprezi <= 0.8.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0154
WordPress Plugin
gamipress-vimeo-integration <= 1.0.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0148
WordPress Plugin
gallery-factory-lite <= 2.0.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0147
WordPress Plugin
flexible-captcha <= 4.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0146
WordPress Plugin
naver-map <= 1.1.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0145
WordPress Plugin
saan-world-clock <= 1.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0152
WordPress Plugin
wp-multi-store-locator <= 2.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0367
WordPress Plugin
pricing-tables-for-wpbakery-page-builder <= 2.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0368
WordPress Plugin
responsive-tabs-for-wpbakery <= 1.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-08
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-25067
WordPress Plugin
opening-hours <= 1.45
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Missing Authorization
Date:
2023-01-06
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when deleting a special opening hour, which could allow any authenticated users, such as subscriber to delete arbitrary special opening hour.
CVE ID:
CVE-2023-23986
WordPress Plugin
g-business-reviews-rating <= 4.14
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Missing Authorization
Date:
2023-01-06
The plugin does not have authorisation and Cross-Site Request Forgery (CSRF) check when updating a plugin settings, which could allow any authenticated users, such as subscriber to update plugin settings.
CVE ID:
CVE-2023-23716
WordPress Plugin
zendesk <= 1.8.4
Vulnerability Type:
Cross-Site Request Forgery (CSRF)
Date:
2023-01-06
The plugin does not have Cross-Site Request Forgery (CSRF) check when convert comment to a Zendesk ticket, which could allow attackers to make logged in admins create a Zendesk ticket from an arbitrary comment given they know the comment id.
CVE ID:
CVE-2023-0096
WordPress Plugin
happyforms <= 1.21.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0095
WordPress Plugin
page-views-count <= 2.6.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0097
WordPress Plugin
post-carousel <= 2.4.18
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0378
WordPress Plugin
greenshift-animation-and-page-builder-blocks <= 4.9.9
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0377
WordPress Plugin
scriptless-social-sharing <= 3.2.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0376
WordPress Plugin
qubely <= 1.8.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0375
WordPress Plugin
easy-affiliate-links <= 3.7.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.