Lana Codes

Title	CVE ID	CVSS	Vector	Date
Download Manager <= 3.2.61 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4476	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 20, 2022
Smash Balloon Social Post Feed <= 4.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4477	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 20, 2022
Mesmerize Companion <= 1.6.133 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4481	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 20, 2022
WOOCS <= 1.3.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2022-4431	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 20, 2022
WOOCS <= 1.3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via shortcode	CVE-2022-4431	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 20, 2022
Ibtana – WordPress Website Builder <= 1.1.8.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4674	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 20, 2022
iPages Flipbook <= 1.4.6 - Authenticated Contributor+ Stored Cross-Site Scripting via Shortcode	CVE-2022-4394	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 19, 2022
WP Recipe Maker <= 8.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4468	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 19, 2022
Vision Interactive <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4391	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 16, 2022
iPanorama 360 WordPress Virtual Tour Builder <= 1.6.29 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4392	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 16, 2022
ImageLinks Interactive Image Builder for WordPress <= 1.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4393	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 16, 2022
Logo Slider <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4664	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 16, 2022
WP-Table Reloaded <= 1.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4491	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	December 14, 2022
Flowerplayer Video Player <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-3984	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 22, 2022
Responsive Lightbox2 <= 1.0.3 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-3987	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 22, 2022
Easy Video Player <= 1.2.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-3937	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 22, 2022
WP Stripe Checkout <= 1.2.2.20 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-3986	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 22, 2022
Checkout for PayPal <= 1.0.13 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-3983	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 22, 2022
Videojs HTML5 Player <= 1.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-3985	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 22, 2022
Welcart e-Commerce <= 2.8.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting	CVE-2022-3935	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	November 21, 2022

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation