Common Vulnerabilities

In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.

CVE ID:

CVE-2023-0270

WordPress Plugin

yamaps <= 0.6.25

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0271

WordPress Plugin

wp-font-awesome <= 1.7.8

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0272

WordPress Plugin

nex-forms-express-wp-form-builder <= 8.3.2

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0273

WordPress Plugin

custom-content-shortcode <= 4.0.2

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0275

WordPress Plugin

wordpress-easy-paypal-payment-or-donation-accept-plugin <= 4.9.9

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0076

WordPress Plugin

download-attachments <= 1.2.24

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0075

WordPress Plugin

amazonjs <= 0.10

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0074

WordPress Plugin

wp-social-widget <= 2.2.3

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0073

WordPress Plugin

wp-client-logo-carousel <= 3.0.0

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0072

WordPress Plugin

wc-vendors <= 2.4.4

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0071

WordPress Plugin

wp-expand-tabs-free <= 2.1.16

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0274

WordPress Plugin

url-params <= 2.3

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0276

WordPress Plugin

weaverx-theme-support <= 6.2

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-26

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0165

WordPress Plugin

nd-projects <= 1.8

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0178

WordPress Plugin

anual-archive <= 1.5.5

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0176

WordPress Plugin

rafflepress <= 1.11.1

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0175

WordPress Plugin

smart-logo-showcase-lite <= 1.1.9

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0174

WordPress Plugin

wpvr <= 8.2.6

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0173

WordPress Plugin

wpfunnels <= 2.6.8

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0172

WordPress Plugin

juicer <= 1.10.1

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0079

WordPress Plugin

customer-reviews-woocommerce <= 5.16.0

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0171

WordPress Plugin

jquery-t-countdown-widget <= 2.3.23

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0170

WordPress Plugin

html5-audio-player <= 2.1.11

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0169

WordPress Plugin

zoho-forms <= 3.0

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More

CVE ID:

CVE-2023-0168

WordPress Plugin

olevmedia-shortcodes <= 1.1.9

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-25

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

Read More