Security Vulnerabilities - CVEs Published In April 2024
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Stored XSS.This issue affects Essential Blocks for Gutenberg: from n/a through 4.5.3.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-07
Deserialization of Untrusted Data vulnerability in VJInfotech WP Import Export Lite.This issue affects WP Import Export Lite: from n/a through 3.9.26.
CVSS Score
4.4
EPSS Score
0.002
Published
2024-04-07
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This issue affects ProfileGrid : from n/a through 5.7.6.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-07
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-04-07
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WisdmLabs Edwiser Bridge.This issue affects Edwiser Bridge: from n/a through 3.0.2.
CVSS Score
7.6
EPSS Score
0.002
Published
2024-04-07
Unrestricted Upload of File with Dangerous Type vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through <= 4.1.5.
CVSS Score
9.9
EPSS Score
0.004
Published
2024-04-07
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.93.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-04-07
A vulnerability, which was classified as problematic, has been found in SourceCodester Online Courseware 1.0. Affected by this issue is some unknown functionality of the file editt.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259598 is the identifier assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-04-07
A vulnerability, which was classified as problematic, was found in SourceCodester Online Courseware 1.0. This affects an unknown part of the file addq.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259599.
CVSS Score
3.5
EPSS Score
0.002
Published
2024-04-07
A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.
CVSS Score
6.3
EPSS Score
0.001
Published
2024-04-07