CVE-2023-4776
Published: Oct 16, 2023
Modified: Apr 23, 2025
PUBLISHED
Description
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and does not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.
| Vendor | Product | Versions |
|---|---|---|
| Unknown | School Management System | affected 0 - < 2.2.5 |
References
https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df (exploit, vdb-entry, technical-description)