Common Vulnerabilities

In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.

CVE ID:

CVE-2022-4718

WordPress Plugin

page-builder-add <= 1.4.9.8.9

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-22

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4756

WordPress Plugin

youtube-channel <= 3.0.12.1

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-22

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4678

WordPress Plugin

templatesnext-toolkit <= 3.2.7

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4679

WordPress Plugin

wufoo-shortcode <= 1.51

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4655

WordPress Plugin

usc-e-shop <= 2.8.8

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4649

WordPress Plugin

wp-extended-search <= 2.1.1

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4656

WordPress Plugin

wp-stats-manager <= 6.4

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4654

WordPress Plugin

easy-pricing-tables <= 3.2.2

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4784

WordPress Plugin

hueman-addons <= 2.3.3

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4785

WordPress Plugin

video-sidebar-widgets <= 6.1

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2023-0395

WordPress Plugin

menu-shortcode <= 1.0

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4787

WordPress Plugin

themify-shortcodes <= 2.0.7

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4650

WordPress Plugin

hashbar-wp-notification-bar <= 1.3.5

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4651

WordPress Plugin

justified-gallery <= 1.7.0

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4652

WordPress Plugin

video-background <= 2.7.4

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4657

WordPress Plugin

menu-ordering-reservations <= 2.3.5

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4786

WordPress Plugin

videojs-html5-video-player-for-wordpress <= 4.5.0

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4788

WordPress Plugin

dirtysuds-embed-pdf <= 1.0.6

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4661

WordPress Plugin

woo-products-widgets-for-elementor <= 1.0.6

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2023-0034

WordPress Plugin

jetwidgets-for-elementor <= 1.0.13

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4653

WordPress Plugin

greenshift-animation-and-page-builder-blocks <= 4.8.8

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4658

WordPress Plugin

rss-import <= 4.6.1

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4693

WordPress Plugin

user-verification <= 1.0.93

Vulnerability Type:

Authentication Bypass

Date:

2022-12-21

The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.

CVE ID:

CVE-2023-0431

WordPress Plugin

file-away <= 3.9.9.0.1

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-21

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.

CVE ID:

CVE-2022-4795

WordPress Plugin

wc-gallery <= 1.67

Vulnerability Type:

Cross-Site Scripting (XSS)

Date:

2022-12-20

The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.