2025-03-07 08:21:26
Wordfence
PUBLISHED
The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the mj_smgt_remove_feetype and mj_smgt_remove_category_new AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts.