5.3
CVE-2024-12611
- EPSS 0.31%
- Veröffentlicht 07.03.2025 09:15:15
- Zuletzt bearbeitet 07.07.2025 18:16:49
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
LoginSchool Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting
School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting
The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Mögliche Gegenmaßnahme
School Management System for Wordpress: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Dasinfomedia ≫ School Management System SwPlatformwordpress Version <= 93.0.0
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
School Management System for Wordpress
Version
*-93.0.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.221 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
https://codecanyon.net/item/school-management-system-for-wordpress/11470032
https://www.wordfence.com/threat-intel/vulnerabilities/id/45ada7a4-466b-4e73-8869-e1178e4fc67a?source=cve
https://www.wordfence.com/threat-intel/vulnerabilities/id/45ada7a4-466b-4e73-8869-e1178e4fc67a