Lana Codes

Title	CVE ID	CVSS	Vector	Date
Csomagpontok és szállítási címkék WooCommerce hez <= 1.9.0.2 - Cross-Site Request Forgery	CVE-2022-41685	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	October 20, 2022
Official Integration for Billingo <= 3.3.9 - Reflected Cross-Site Scripting	CVE-2022-3420	6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	October 7, 2022
Backup Scheduler <= 1.5.13 - Cross-Site Request Forgery	CVE-2022-38079	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 23, 2022
3D Tag Cloud <= 3.8 - Cross-Site Request Forgery	CVE-2022-36417	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 22, 2022
WP Custom Cursors <= 3.0 - Cross-Site Request Forgery to Cursor Manipulation	CVE-2022-3151	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 21, 2022
WP Custom Cursors <= 3.0 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-3149	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	September 21, 2022
FavIcon Switcher <= 1.2.11 - Cross-Site Request Forgery	CVE-2022-40219	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 21, 2022
WP Custom Cursors <= 3.0.1 - Authenticated (Administrator+) SQL Injection	CVE-2022-3150	7.2	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	September 21, 2022
Multiple Plugins from Viszt Peter - Cross-Site Request Forgery	CVE-2022-3154	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	September 14, 2022
Ldap WP Login / Active Directory Integration <= 3.0.1 - Missing Authorization	CVE-2022-2987	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	September 5, 2022
Bitcoin / Altcoin Faucet <= 1.6.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting	CVE-2022-3025	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	August 31, 2022
Bitcoin Satoshi Tools <= 1.7.0 - Missing Authorization to Stored Cross-Site Scripting	CVE-2022-3024	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	August 31, 2022
Better Delete Revision <= 1.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting	CVE-2022-37412	5.5	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N	August 28, 2022
OAuth client Single Sign On for WordPress ( OAuth 2.0 SSO ) <= 3.0.3 - Missing Authorization	CVE-2022-3119	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	August 23, 2022
WP OAuth Server <= 3.0.4 - Authentication Bypass	CVE-2022-34149	7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	August 2, 2022
WP OAuth2 Server <= 1.0.1 - Authentication Bypass	CVE-2022-34839	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	July 18, 2022
OAuth Single Sign On – SSO (OAuth Client) <= 6.22.5 - Authentication Bypass	CVE-2022-2133	5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N	June 27, 2022
Simple Single Sign On <= 4.1.1 - Insecure OAuth Implementation to Authentication Bypass	CVE-2022-2083	8.1	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H	June 4, 2022

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation