Unrated severityNVD Advisory· Published Aug 22, 2022· Updated Aug 3, 2024

Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF

CVE-2022-2312

Description

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

WordPress/Student Result or Employee Database plugindescription
WordPress/Student Result or Employee Databasellm-create
Range: <1.7.5

Patches

Vulnerability mechanics

References

wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000