CVE-2024-12611

Medium CVSS: 5.3

The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Vendor

Dasinfomedia

Product

School Management System

CWE

CWE-862

Yayın Tarihi

2025-03-07 09:15:15

Güncelleme

2025-07-07 18:16:49

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 School Management System MEDIUM Dasinfomedia 2025

Referanslar

https://codecanyon.net/item/school-management-system-for-wordpress/11470032 https://www.wordfence.com/threat-intel/vulnerabilities/id/45ada7a4-466b-4e73-8869-e1178e4fc67a?source=cve

Benzer Kayıtlar

Medium

CVE-2024-12610

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a miss…

High

CVE-2024-9658

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeov…

Medium

CVE-2024-12607

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of…

Medium

CVE-2024-12609

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance'…