VYPR

Attendance Manager

by WordPress

Source repositories

CVEs (5)

  • CVE-2019-5971HigJul 5, 2019
    risk 0.57cvss 8.8epss 0.01

    Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.

  • CVE-2026-52712HigJun 16, 2026
    risk 0.49cvss 7.6epss 0.00

    Subscriber SQL Injection in Attendance Manager <= 0.6.2 versions.

  • CVE-2025-39515MedApr 16, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tnomi Attendance Manager attendance-manager allows Stored XSS.This issue affects Attendance Manager: from n/a through <= 0.6.2.

  • CVE-2019-5970MedJul 5, 2019
    risk 0.40cvss 6.1epss 0.02

    Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2026-3781MedApr 8, 2026
    risk 0.35cvss 5.4epss 0.00

    The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL…