Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveWPScanCVE-2022-1609
HistoryJan 16, 2024 - 4:15 p.m.

CVE-2022-1609

2024-01-1616:15:09
CWE-94
WPScan
web.nvd.nist.gov
1816
In Wild
2
cve-2022-1609
wordpress plugin
backdoor
unauthenticated attack
arbitrary php code
nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.389

Percentile

97.3%

JSON

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it’s license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.

Affected configurations

Nvd
Vulners
Node
weblizarschool_managementRange<9.9.7prowordpress
VendorProductVersionCPE
weblizarschool_management*cpe:2.3:a:weblizar:school_management:*:*:*:*:pro:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "school-management-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "9.9.7"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Social References

More

Related

githubexploit 5
wpvulndb 1
attackerkb 1
prion 1
nvd 1
cvelist 1
wpexploit 1
patchstack 1
thn 1
saint 2
nuclei 1
githubexploit
githubexploit
Exploit for CVE-2022-1609
2022-06-03 02:49:49
Exploit for Code Injection in Weblizar School Management
2022-06-09 14:36:55
Exploit for CVE-2022-1609
2022-06-03 02:49:49
wpvulndb
wpvulndb
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
attackerkb
attackerkb
CVE-2022-1609
2024-01-16 00:00:00
prion
prion
Code injection
2024-01-16 16:15:00
nvd
nvd
CVE-2022-1609
2024-01-16 16:15:09
cvelist
cvelist
CVE-2022-1609 The School Management < 9.9.7 - Unauthenticated RCE via REST api
2024-01-16 15:52:21
wpexploit
wpexploit
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
patchstack
patchstack
WordPress School Management Pro premium plugin < 9.9.7 - Unauthenticated Remote Code Execution (RCE) via REST API
2022-05-20 00:00:00
thn
thn
Researchers Find Backdoor in School Management Plugin for WordPress
2022-05-21 05:11:00
saint
saint
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
nuclei
nuclei
The School Management < 9.9.7 - Remote Code Execution
2022-05-26 06:25:43

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.389

Percentile

97.3%

JSON
Related for CVE-2022-1609
githubexploit5wpvulndb1attackerkb1prion1nvd1cvelist1wpexploit1patchstack1thn1saint2nuclei1