Common Vulnerabilities
In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.
CVE ID:
CVE-2023-0360
WordPress Plugin
location-weather <= 1.3.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0374
WordPress Plugin
w4-post-list <= 2.4.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0373
WordPress Plugin
lightweight-accordion <= 1.5.14
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-02
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0059
WordPress Plugin
youzify <= 1.2.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0081
WordPress Plugin
google-analytics-for-wordpress <= 8.12.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0082
WordPress Plugin
google-analytics-dashboard-for-wp <= 7.12.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0380
WordPress Plugin
easy-digital-downloads <= 3.1.0.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0230
WordPress Plugin
vk-all-in-one-expansion-unit <= 9.85.0.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0231
WordPress Plugin
woolentor-addons <= 2.5.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0252
WordPress Plugin
contextual-related-posts <= 3.3.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0379
WordPress Plugin
spotlight-social-photo-feeds <= 1.4.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2023-01-01
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0078
WordPress Plugin
resume-builder <= 3.1.1
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Cross-Site Scripting (XSS),
Missing Authorization
Date:
2022-12-31
The plugin does not sanitize and escape some parameters related to resume, which could allow users with a role as low as subscriber to perform Stored Cross-Site Scripting (XSS) attacks against higher privilege users.
CVE ID:
CVE-2023-0065
WordPress Plugin
i2-pro-cons <= 1.3.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-28
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0064
WordPress Plugin
wens-responsive-column-layout-shortcodes <= 2.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-28
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0063
WordPress Plugin
synved-shortcodes <= 1.6.36
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-28
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0062
WordPress Plugin
ean-for-woocommerce <= 4.4.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-28
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0061
WordPress Plugin
judgeme-product-reviews-woocommerce <= 1.3.20
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-28
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0060
WordPress Plugin
responsive-gallery-grid <= 2.3.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-28
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0070
WordPress Plugin
responsivevoice-text-to-speech <= 1.7.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-27
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0069
WordPress Plugin
wpaudio-mp3-player <= 4.0.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-27
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0144
WordPress Plugin
mage-eventpress <= 3.7.9
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-27
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0068
WordPress Plugin
product-gtin-ean-upc-isbn-for-woocommerce <= 1.1.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-27
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0094
WordPress Plugin
upqode-google-maps <= 1.0.5
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-27
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0067
WordPress Plugin
timed-content <= 2.72
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-27
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0066
WordPress Plugin
companion-sitemap-generator <= 4.5.1.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-27
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.