Vulnerabilities

In the Lana Codes Vulnerability Database (LANAVDB), we collect the vulnerabilities we discover in other systems and provide detailed analysis and descriptions.

Feather Login Page by Feather Plugins WordPress plugin Privilege Escalation

The plugin is affected by a Missing Authorization vulnerability in the AJAX function that lists expirable login links, which leads to Privilege Escalation.

User Registration by WPEverest WordPress plugin Arbitrary File Upload

The plugin was affected by an Arbitrary File Upload vulnerability. Due to a hardcoded encryption key and missing file type validation, it is even possible to upload a PHP file to the website.

BookIt by StylemixThemes WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.

Social Login and Register by miniOrange WordPress plugin Authentication Bypass

The plugin was affected by an Auth Bypass vulnerability. To bypass authentication, we only need to know the user’s email address. Depending on whose email address we know, we may even be given an administrator role on the website.

WCFM – WooCommerce Multivendor Membership by WC Lovers WordPress plugin Privilege Escalation

The plugin is affected by an Unauthenticated Insecure Direct Object Reference (IDOR) to Arbitrary User Email Change vulnerability, which leads to User Password Reset, which in turn leads to Privilege Escalation. The plugin uses a variable insecurely, which makes it possible to change a user's email and gain unauthorized access.