Lana Codes

Title	CVE ID	CVSS	Vector	Date
Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4577	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
Page View Count <= 2.6.0 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2023-0095	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
PPWP – WordPress Password Protect Page <= 1.8.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4626	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
WP-ShowHide <= 1.04 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4825	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
Strong Testimonials <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4717	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
Event Manager and Tickets Selling Plugin for WooCommerce <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0144	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 10, 2023
Post Grid, Post Carousel, & List Category Posts <= 2.4.18 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0097	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
WP Social Widget <= 2.2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0074	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
News & Blog Designer Pack <= 3.2 - Authenticated (Contributor+) Stored Cross-Site SQcripting via Shortcode	CVE-2022-4792	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
CPO Companion <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4837	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
WP Tabs <= 2.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0071	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
Posts List Designer by Category <= 3.1 - Authenticated (Contributor+) Stored Cross-Site Scriptiong via Shortcode	CVE-2022-4749	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 6, 2023
CC Child Pages <= 1.42 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4776	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
WP Extended Search <= 2.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4649	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Custom User Profile Fields <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4831	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Widgets for Google Reviews < 9.8 - Authenticated (Contributor+) Stored XSS	CVE-2022-4470	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Simple File Downloader <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4764	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 5, 2023
Social Sharing Toolkit <= 2.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4835	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
Blog Designer - Post and Widget <= 2.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4793	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023
RSS Aggregator by Feedzy <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2022-4667	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	January 4, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation