Security Vulnerabilities
- CVEs Published In April 2024
Permission verification vulnerability in the system module.
Impact: Successful exploitation of this vulnerability will affect availability.
Vulnerability of file path verification being bypassed in the email module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of undefined permissions in the Calendar app.
Impact: Successful exploitation of this vulnerability will affect availability.
Vulnerability of package name verification being bypassed in the Calendar app.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
Vulnerability of data verification errors in the kernel module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.
An issue discovered in CandyCMS version 1.0.0 allows remote attackers to execute arbitrary code via the install.php component.
The WPB Show Core WordPress plugin before 2.7 does not sanitise and escape some parameters before outputting them back in the page, leading to Reflected Cross-Site Scripting, which could be used against high-privilege users such as admin.
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
The SendPress Newsletters WordPress plugin through 1.23.11.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).
The Font Farsi WordPress plugin through 1.6.6 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup).