Security Vulnerabilities - CVEs Published In April 2023
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in E4J s.R.L. VikBooking Hotel Booking Engine & PMS plugin <= 1.5.11 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-06
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.2.8 versions.
CVSS Score
5.9
EPSS Score
0.003
Published
2023-04-06
Yellobrik PEC-1864 implements authentication checks via javascript in the frontend interface. When the device can be accessed over the network an attacker could bypass authentication.
This would allow an attacker to :
- Change the password, resulting in a DOS of the users
- Change the streaming source, compromising the integrity of the stream
- Change the streaming destination, compromising the confidentiality of the stream
This issue affects Yellowbrik: PEC 1864. No patch has been issued by the manufacturer as this model was discontinued.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-04-06
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in OceanWP Ocean Extra plugin <= 2.1.1 versions. Needs the OceanWP theme installed and activated.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-04-06
Cross-Site Request Forgery (CSRF) vulnerability in AdTribes.Io Product Feed PRO for WooCommerce plugin <= 12.4.4 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-04-06
A vulnerability was found in SourceCodester Simple Mobile Comparison Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/categories/view_category.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225150 is the identifier assigned to this vulnerability.
CVSS Score
6.3
EPSS Score
0.001
Published
2023-04-06
Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Really Simple Google Tag Manager plugin <= 1.0.6 versions.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-04-06
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kerry Kline BNE Testimonials plugin <= 2.0.7 versions.
CVSS Score
6.5
EPSS Score
0.001
Published
2023-04-06
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in CreativeThemes Blocksy Companion plugin <= 1.8.67 versions.
CVSS Score
5.5
EPSS Score
0.001
Published
2023-04-06
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kiboko Labs Namaste! LMS plugin <= 2.5.9.1 versions.
CVSS Score
5.9
EPSS Score
0.001
Published
2023-04-06