Lana Codes

Wordfence Intelligence   >   Vulnerability Researchers   >   Lana Codes

Vulnerabilities Discovered:

418
All Time Discoveries
44
Discoveries since Feb 25, 2023

Showing 21-40 of 418 vulnerabilities

Sales Report Email for WooCommerce <= 2.8 - Missing Authorization for Email Functionality
6.5
CVE-2022-38141
Mar 2, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0395
Mar 1, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission
4.3
CVE-2023-27460
Mar 1, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0502
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
HT Slider For Elementor <= 1.3.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0495
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
HT Portfolio <= 1.1.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0497
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0505
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
NEX-Forms - Ultimate Form Builder <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
6.4
CVE-2023-0272
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0484
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
QuickSwish <= 1.0.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0499
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Time Slots Booking Form <= 1.1.76 - Cross-Site Request Forgery to Feedback Submission
4.3
CVE-2022-41790
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission
4.3
CVE-2023-26521
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion
4.3
CVE-2023-0336
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission
4.3
CVE-2023-26523
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission
4.3
CVE-2022-41790
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation
4.3
CVE-2023-0501
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Film Studio <= 1.3.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0500
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation
4.3
CVE-2023-0496
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
HT Politic <= 2.3.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation
4.3
CVE-2023-0504
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
WP Education <= 1.2.6 - Cross-Site Request Forgery to Arbitrary Plugin Activation
4.3
CVE-2023-0498
Feb 28, 2023
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Title CVE ID CVSS Vector Date
Sales Report Email for WooCommerce <= 2.8 - Missing Authorization for Email Functionality CVE-2022-38141 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N March 2, 2023
menu shortcode <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0395 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N March 1, 2023
CP Contact Form with Paypal <= 1.3.34 - Authenticated Feedback Submission CVE-2023-27460 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N March 1, 2023
WP News <= 1.1.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0502 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
HT Slider For Elementor <= 1.3.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0495 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
HT Portfolio <= 1.1.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0497 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
Ever Compare <= 1.2.3 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0505 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
NEX-Forms - Ultimate Form Builder <= 8.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-0272 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N February 28, 2023
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks <= 1.1.5 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0484 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
QuickSwish <= 1.0.9 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0499 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
WP Time Slots Booking Form <= 1.1.76 - Cross-Site Request Forgery to Feedback Submission CVE-2022-41790 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
Search in Place <= 1.0.104 - Missing Authorization to Feedback Submission CVE-2023-26521 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N February 28, 2023
OoohBoi Steroids for Elementor <= 2.1.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion CVE-2023-0336 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L February 28, 2023
Calculated Fields Form <= 1.1.120 - Missing Authorization to Feedback Submission CVE-2023-26523 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N February 28, 2023
WP Time Slots Booking Form <= 1.1.76 - Missing Authorization to Feedback Submission CVE-2022-41790 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N February 28, 2023
WP Insurance – WordPress Insurance Service Plugin <= 2.1.3 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation CVE-2023-0501 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
WP Film Studio <= 1.3.4 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0500 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
HT Event <= 1.4.5 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation CVE-2023-0496 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
HT Politic <= 2.3.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation CVE-2023-0504 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023
WP Education <= 1.2.6 - Cross-Site Request Forgery to Arbitrary Plugin Activation CVE-2023-0498 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N February 28, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation