Lana Codes

Title	CVE ID	CVSS	Vector	Date
Free WooCommerce Theme 99fy Extension <= 1.2.7 - Cross-Site Request Forgery leading to Arbitrary Plugin Activation	CVE-2023-0503	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 28, 2023
WP Shamsi <= 4.3.3 - Missing Authorization leading to Authenticated (Subscriber+) Attachment Deletion	CVE-2023-0335	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L	February 28, 2023
Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update	CVE-2023-1068	4.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N	February 27, 2023
WordPress Infinite Scroll - Ajax Load More <= 5.6.0.2 - Authenticated (Contributor+) Stored Cross Site Scripting via Shortcode	CVE-2022-4466	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 27, 2023
Drag and Drop Multiple File Upload for WooCommerce <= 1.0.8 - Cross-Site Request Forgery in upload and delete_file	CVE-2022-45377	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 24, 2023
Drag and Drop Multiple File Upload – Contact Form 7 <= 1.3.6.5 - Cross-Site Request Forgery in dnd_upload_cf7_upload and dnd_codedropz_upload_delete	CVE-2022-45364	8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	February 24, 2023
Apollo13 Framework Extensions <= 1.8.10 - Missing Authorization	CVE-2023-25959	5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N	February 24, 2023
Custom Content Shortcode <= 4.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0273	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 22, 2023
WPB Advanced FAQ <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0370	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 22, 2023
GoToWP <= 5.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0369	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 22, 2023
WP OAuth Server <= 4.2.3 - Cross-Site Request Forgery to Arbitrary Post Deletion (wo_ajax_remove_client)	CVE-2022-3894	6.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N	February 21, 2023
WP OAuth Server <= 4.2.5 - Authenticated (Subscriber+) Arbitrary Client Deletion (wo_ajax_remove_client)	CVE-2022-4148	4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N	February 21, 2023
Smart Logo Showcase Lite <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0175	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 21, 2023
Saan World Clock <= 1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0145	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 21, 2023
React Webcam <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0365	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 21, 2023
real.Kit <= 5.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode	CVE-2023-0364	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 21, 2023
Gutenberge Blocks <= 2.1.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcodes	CVE-2023-22713	6.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N	February 20, 2023
Video Gallery – YouTube Gallery <= 1.7.6 - Missing Authorization	CVE-2023-25988	7.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L	February 20, 2023
Community by PeepSo <= 6.0.2.0 - Cross Site Request Forgery	CVE-2022-41633	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 20, 2023
Social Login WP <= 5.0.0.0 - Cross-Site Request Forgery	CVE-2022-38063	5.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L	February 20, 2023

Share this researcher's vulnerability discoveries

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation