Common Vulnerabilities
In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.
CVE ID:
CVE-2023-0270
WordPress Plugin
yamaps <= 0.6.25
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0271
WordPress Plugin
wp-font-awesome <= 1.7.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0272
WordPress Plugin
nex-forms-express-wp-form-builder <= 8.3.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0273
WordPress Plugin
custom-content-shortcode <= 4.0.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0275
WordPress Plugin
wordpress-easy-paypal-payment-or-donation-accept-plugin <= 4.9.9
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0076
WordPress Plugin
download-attachments <= 1.2.24
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0075
WordPress Plugin
amazonjs <= 0.10
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0074
WordPress Plugin
wp-social-widget <= 2.2.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0073
WordPress Plugin
wp-client-logo-carousel <= 3.0.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0072
WordPress Plugin
wc-vendors <= 2.4.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0071
WordPress Plugin
wp-expand-tabs-free <= 2.1.16
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0274
WordPress Plugin
url-params <= 2.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0276
WordPress Plugin
weaverx-theme-support <= 6.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-26
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0165
WordPress Plugin
nd-projects <= 1.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0178
WordPress Plugin
anual-archive <= 1.5.5
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0176
WordPress Plugin
rafflepress <= 1.11.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0175
WordPress Plugin
smart-logo-showcase-lite <= 1.1.9
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0174
WordPress Plugin
wpvr <= 8.2.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0173
WordPress Plugin
wpfunnels <= 2.6.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0172
WordPress Plugin
juicer <= 1.10.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0079
WordPress Plugin
customer-reviews-woocommerce <= 5.16.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0171
WordPress Plugin
jquery-t-countdown-widget <= 2.3.23
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0170
WordPress Plugin
html5-audio-player <= 2.1.11
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0169
WordPress Plugin
zoho-forms <= 3.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0168
WordPress Plugin
olevmedia-shortcodes <= 1.1.9
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.