Student Result Or Employee Database Project

student_result_or_employee_database_project

1 CVE • 1 product

Products (1)

Click to collapse

Toggle

Student Result Or Employee Database

student_result_or_employee_database

1 CVE

CVEs (1)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2022-2312 1Student Result Or Employee Database Project 1Student Result Or Employee Database Nov 21, 2024 Aug 22, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students vi...Show more The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scriptingShow less

CVE

VENDORS

PRODUCTS

UPDATED

PUBLISHED

CVSS

CVE-2022-2312

1Student Result Or Employee Database Project

1Student Result Or Employee Database

Nov 21, 2024

Aug 22, 2022

N/A· v4

5.4 MEDIUM· v3

N/A· v2

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scriptingShow less