Common Vulnerabilities
In the Lana Codes Common Vulnerability Database (LANACOMMONVDB), we collect the vulnerabilities we discover in other systems and provide standard descriptions.
CVE ID:
CVE-2022-4718
WordPress Plugin
page-builder-add <= 1.4.9.8.9
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-22
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4756
WordPress Plugin
youtube-channel <= 3.0.12.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-22
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4678
WordPress Plugin
templatesnext-toolkit <= 3.2.7
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4679
WordPress Plugin
wufoo-shortcode <= 1.51
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4655
WordPress Plugin
usc-e-shop <= 2.8.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4649
WordPress Plugin
wp-extended-search <= 2.1.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4656
WordPress Plugin
wp-stats-manager <= 6.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4654
WordPress Plugin
easy-pricing-tables <= 3.2.2
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4784
WordPress Plugin
hueman-addons <= 2.3.3
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4785
WordPress Plugin
video-sidebar-widgets <= 6.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0395
WordPress Plugin
menu-shortcode <= 1.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4787
WordPress Plugin
themify-shortcodes <= 2.0.7
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4650
WordPress Plugin
hashbar-wp-notification-bar <= 1.3.5
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4651
WordPress Plugin
justified-gallery <= 1.7.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4652
WordPress Plugin
video-background <= 2.7.4
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4657
WordPress Plugin
menu-ordering-reservations <= 2.3.5
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4786
WordPress Plugin
videojs-html5-video-player-for-wordpress <= 4.5.0
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4788
WordPress Plugin
dirtysuds-embed-pdf <= 1.0.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4661
WordPress Plugin
woo-products-widgets-for-elementor <= 1.0.6
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2023-0034
WordPress Plugin
jetwidgets-for-elementor <= 1.0.13
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4653
WordPress Plugin
greenshift-animation-and-page-builder-blocks <= 4.8.8
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4658
WordPress Plugin
rss-import <= 4.6.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4693
WordPress Plugin
user-verification <= 1.0.93
Vulnerability Type:
Authentication Bypass
Date:
2022-12-21
The plugin was affected by an Auth Bypass security vulnerability. To bypass authentication, we only need to know the user’s username. Depending on whose username we know, which can be easily queried because it is usually public data, we may even be given an administrative role on the website.
CVE ID:
CVE-2023-0431
WordPress Plugin
file-away <= 3.9.9.0.1
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-21
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.
CVE ID:
CVE-2022-4795
WordPress Plugin
wc-gallery <= 1.67
Vulnerability Type:
Cross-Site Scripting (XSS)
Date:
2022-12-20
The plugin does not sanitize and escapes some parameters, which could allow users with a role as low as contributor to perform Cross-Site Scripting (XSS) attacks.