CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3372 – Lana Shortcodes < 1.2.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2023-3372
23 Jun 2023 — The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. El complemento de WordPress Lana Shortcodes anterior a 1.2.0 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una página/publicación donde está incrustado el shortcode, lo que permite a los us... • https://wpscan.com/vulnerability/3396b734-9a10-4070-802d-f9d01cc6eb74 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2392 – Lana Downloads Manager < 1.8.0 - Contributor+ Arbitrary File Download
https://notcve.org/view.php?id=CVE-2022-2392
01 Aug 2022 — The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file download vulnerability that can be exploited by users with "Contributor" permissions or higher. El plugin Lana Downloads Manager de WordPress versiones anteriores a 1.8.0, está afectado por una vulnerabilidad de descarga de archivos arbitraria que puede ser explotada por usuarios con permisos "Contributor" o superiores. The Lana Downloads Manager plugin for WordPress is vulnerable to arbitrary file downloads in version... • https://wpscan.com/vulnerability/5001ed18-858e-4c9d-9d7b-a1305fcdf61b • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-552: Files or Directories Accessible to External Parties •