Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
attackerkbAttackerKBAKB:C950BD25-123F-477B-81C4-E086016577AC
HistoryJan 16, 2024 - 12:00 a.m.

CVE-2022-1609

2024-01-1600:00:00
attackerkb.com
17
wordpress plugin
obfuscated backdoor
unauthenticated
remote code execution

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.389

Percentile

97.3%

JSON

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it’s license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.

Recent assessments:

Assessed Attacker Value: 0
Assessed Attacker Value: 0Assessed Attacker Value: 0

Related

githubexploit 5
wpvulndb 1
prion 1
nvd 1
cve 1
cvelist 1
wpexploit 1
patchstack 1
thn 1
saint 2
nuclei 1
githubexploit
githubexploit
Exploit for CVE-2022-1609
2022-06-03 02:49:49
Exploit for Code Injection in Weblizar School Management
2022-06-09 14:36:55
Exploit for CVE-2022-1609
2022-06-03 02:49:49
wpvulndb
wpvulndb
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
prion
prion
Code injection
2024-01-16 16:15:00
nvd
nvd
CVE-2022-1609
2024-01-16 16:15:09
cve
cve
CVE-2022-1609
2024-01-16 16:15:09
cvelist
cvelist
CVE-2022-1609 The School Management < 9.9.7 - Unauthenticated RCE via REST api
2024-01-16 15:52:21
wpexploit
wpexploit
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
patchstack
patchstack
WordPress School Management Pro premium plugin < 9.9.7 - Unauthenticated Remote Code Execution (RCE) via REST API
2022-05-20 00:00:00
thn
thn
Researchers Find Backdoor in School Management Plugin for WordPress
2022-05-21 05:11:00
saint
saint
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
nuclei
nuclei
The School Management < 9.9.7 - Remote Code Execution
2022-05-26 06:25:43

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.8

Confidence

High

EPSS

0.389

Percentile

97.3%

JSON
Related for AKB:C950BD25-123F-477B-81C4-E086016577AC
githubexploit5wpvulndb1prion1nvd1cve1cvelist1wpexploit1patchstack1thn1saint2nuclei1