Security Vulnerabilities - CVEs Published In April 2024
Permission verification vulnerability in the system module. Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score: 6.2
EPSS Score: 0.0
Published: 2024-04-08
Vulnerability of file path verification being bypassed in the email module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 4.3
EPSS Score: 0.001
Published: 2024-04-08
Vulnerability of undefined permissions in the Calendar app. Impact: Successful exploitation of this vulnerability will affect availability.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2024-04-08
Vulnerability of package name verification being bypassed in the Calendar app. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 7.5
EPSS Score: 0.0
Published: 2024-04-08
Vulnerability of data verification errors in the kernel module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.
CVSS Score: 7.5
EPSS Score: 0.001
Published: 2024-04-08
An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component.
CVSS Score: 9.8
EPSS Score: 0.017
Published: 2024-04-08
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVSS Score: 4.7
EPSS Score: 0.002
Published: 2024-04-08
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVSS Score: 6.8
EPSS Score: 0.001
Published: 2024-04-08
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVSS Score: 6.1
EPSS Score: 0.001
Published: 2024-04-08
The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
CVSS Score: 6.1
EPSS Score: 0.003
Published: 2024-04-08



Shodan ® - All rights reserved