Common Vulnerabilities
In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.
CVE ID:
CVE-2023-0167
WordPress Plugin
getresponse-integration <= 5.5.31
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0166
WordPress Plugin
woocommerce-products-slider <= 1.13.41
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-25
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0080
WordPress Plugin
customer-reviews-woocommerce <= 5.15.0
Vulnerability Type:
Local File Inclusion (LFI)
Date:
2022-12-25
The plugin does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non-PHP files and retrieve their content. RCE could also be achieved if the attacker manages to upload a malicious image containing PHP code and then include it via the affected attribute; on a default WordPress install, authors could easily achieve that, given that they have the upload_file capability.
CVE ID:
CVE-2022-4833
WordPress Plugin
yourchannel <= 1.2.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4832
WordPress Plugin
agile-store-locator <= 1.4.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4831
WordPress Plugin
pmpro-register-helper <= 1.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4830
WordPress Plugin
paid-memberships-pro <= 2.9.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4829
WordPress Plugin
show-hidecollapse-expand <= 1.2.5
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4828
WordPress Plugin
bold-timeline-lite <= 1.1.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4826
WordPress Plugin
simple-tooltips <= 2.1.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4825
WordPress Plugin
wp-showhide <= 1.04
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4824
WordPress Plugin
wp-blog-and-widgets <= 2.2.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4838
WordPress Plugin
clean-login <= 1.13.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0212
WordPress Plugin
advanced-recent-posts <= 0.6.14
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0177
WordPress Plugin
like-box <= 0.8.39
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0280
WordPress Plugin
ultimate-carousel-for-elementor <= 2.1.7
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0282
WordPress Plugin
yourchannel <= 1.2.1
Vulnerability Type:
Cross-Site Request Forgery (CSRF),
Cross-Site Scripting (XSS),
Missing Authorization
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as subscriber to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0267
WordPress Plugin
ultimate-carousel-for-visual-composer <= 2.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0268
WordPress Plugin
mega-addons-for-visual-composer <= 2.4.7
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4827
WordPress Plugin
wp-tiles <= 1.1.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-24
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4757
WordPress Plugin
list-pages-shortcode <= 1.7.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-23
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4758
WordPress Plugin
wd-google-maps <= 1.0.71
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-23
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4759
WordPress Plugin
gigpress <= 2.3.27
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-23
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4776
WordPress Plugin
cc-child-pages <= 1.42
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-23
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4760
WordPress Plugin
oneclick-whatsapp-order <= 1.0.4.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-23
The plugin does not sanitize and escape some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.