Security Vulnerabilities - CVEs Published In April 2022
A Directory Traversal vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS 1.0.0 via the page GET parameter in index.php.
CVSS Score
6.5
EPSS Score
0.004
Published
2022-04-11
Bolt CMS <= 4.2 is vulnerable to Remote Code Execution. Unsafe theme rendering allows an authenticated attacker to edit theme to inject server-side template injection that leads to remote code execution.
CVSS Score
8.8
EPSS Score
0.05
Published
2022-04-11
The One Click Demo Import WordPress plugin before 3.1.0 does not validate the imported file, allowing high privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed
CVSS Score
7.2
EPSS Score
0.012
Published
2022-04-11
The Podcast Importer SecondLine WordPress plugin before 1.3.8 does not sanitise and properly escape some imported data, which could allow SQL injection attacks to be performed by imported a malicious podcast file
CVSS Score
7.2
EPSS Score
0.006
Published
2022-04-11
Jfinal_CMS 5.1.0 allows attackers to use the feedback function to send malicious XSS code to the administrator backend and execute it.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-11
In Studio-42 elFinder 2.1.60, there is a vulnerability that causes remote code execution through file name bypass for file upload.
CVSS Score
9.8
EPSS Score
0.148
Published
2022-04-11
Daylight Studio Fuel CMS 1.5.1 is vulnerable to HTML Injection.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-11
The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such as subscriber, to call them. Due to the lack of sanitisation and escaping, it could also allows attackers to perform Cross-Site Scripting attacks on pages where a Portfolio is embed
CVSS Score
5.4
EPSS Score
0.002
Published
2022-04-11
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported using its backup functionality. An authorized user can import preconfigured settings of the plugin by uploading a zip file. After the uploading process, files in the uploaded zip file are extracted one by one. During the extraction process, existence of a file is checked. If the file exists, it is deleted without any security control by only considering the name of the extracted file. This behavior leads to "Zip Slip" vulnerability.
CVSS Score
4.9
EPSS Score
0.003
Published
2022-04-11
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
CVSS Score
6.1
EPSS Score
0.042
Published
2022-04-11