Security Advisory

CVE-2023-4776

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-10-16 19:38:59
Last updated 2025-04-23 16:13:48
Assigner WPScan
State PUBLISHED

Description

The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and does not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users such as Teachers.
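
The pattern described above, next to a prepared form of the same query, as an added example that is not taken from the plugin's source. The function names, the table and column names, and the class_id value are hypothetical; the code assumes it runs inside WordPress, where $wpdb, esc_sql() and absint() are available.

```php
<?php
// Added illustration; not code from the School Management System plugin.
// Table, columns, function names and $class_id are hypothetical.

/**
 * Flawed pattern: esc_sql() escapes characters that are special inside a
 * quoted string literal. The value below is placed in an unquoted numeric
 * position, so input containing no quote characters passes through
 * unchanged and MySQL parses it as SQL syntax rather than as data.
 */
function example_students_flawed( $class_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_students'; // hypothetical table
    $sql   = "SELECT id, name FROM {$table} WHERE class_id = " . esc_sql( $class_id );
    return $wpdb->get_results( $sql );
}

/**
 * Corrected pattern: cast to a non-negative integer and bind the value
 * through $wpdb->prepare() with a %d placeholder, so the value can only
 * ever reach the query as an integer literal.
 */
function example_students_fixed( $class_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_students'; // hypothetical table
    $sql   = $wpdb->prepare(
        "SELECT id, name FROM {$table} WHERE class_id = %d",
        absint( $class_id )
    );
    return $wpdb->get_results( $sql );
}

/**
 * Same rule for a string field: let prepare() add the quotes via %s
 * instead of concatenating esc_sql() output without delimiters.
 */
function example_students_by_name_fixed( $name ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_students'; // hypothetical table
    $sql   = $wpdb->prepare(
        "SELECT id, name FROM {$table} WHERE name = %s",
        $name
    );
    return $wpdb->get_results( $sql );
}
```

When reviewing other plugins for this class of bug, look for esc_sql() output concatenated into a query without surrounding quotes, and for $wpdb->query() or $wpdb->get_results() calls whose SQL string was not built by $wpdb->prepare().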