CVE-2024-12610

Medium CVSS: 5.3

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts.

Vendor

Dasinfomedia

Product

School Management System

CWE

CWE-862

Yayın Tarihi

2025-03-07 09:15:15

Güncelleme

2025-07-07 18:17:03

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 School Management System MEDIUM Dasinfomedia 2025

Referanslar

https://codecanyon.net/item/school-management-system-for-wordpress/11470032 https://www.wordfence.com/threat-intel/vulnerabilities/id/9c3a7ca0-9325-4b50-a844-8eeb4047de1a?source=cve

Benzer Kayıtlar

Medium

CVE-2024-12611

The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the…

High

CVE-2024-9658

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeov…

Medium

CVE-2024-12607

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of…

Medium

CVE-2024-12609

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance'…