QwikSec

Security Database

CVE

CWE

Training

CVE-2022-2312

Published: Aug 22, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting

Vendor	Product	Versions
Unknown	Student Result or Employee Database	affected `1.7.5 - < 1.7.5`

Weaknesses (CWE)

References

https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.