Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:199B4764E7C4AB09BDCC5427977F0F3D
HistoryAug 12, 2022 - 12:00 a.m.

Weblizar School Management Pro plugin backdoor

2022-08-1200:00:00
SAINT Corporation
download.saintcorporation.com
186
weblizar school management pro
backdoor
cve-2022-1609
wordpress
remote attackers
arbitrary commands
upgrade
jetpack

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.389

Percentile

97.3%

JSON

Added: 08/12/2022
CVE: CVE-2022-1609

Background

Weblizar School Management is a WordPress plugin for management of school operations.

Problem

The license checking code in School Management Pro contains a backdoor which allows remote attackers to execute arbitrary commands.

Resolution

Upgrade to the current version of School Management Pro.

References

<https://jetpack.com/blog/backdoor-found-in-the-school-management-pro-plugin-for-wordpress/&gt;

Related

githubexploit 5
wpvulndb 1
attackerkb 1
prion 1
nvd 1
cve 1
cvelist 1
wpexploit 1
patchstack 1
thn 1
saint 1
nuclei 1
githubexploit
githubexploit
Exploit for CVE-2022-1609
2022-06-03 02:49:49
Exploit for Code Injection in Weblizar School Management
2022-06-09 14:36:55
Exploit for CVE-2022-1609
2022-06-03 02:49:49
wpvulndb
wpvulndb
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
attackerkb
attackerkb
CVE-2022-1609
2024-01-16 00:00:00
prion
prion
Code injection
2024-01-16 16:15:00
nvd
nvd
CVE-2022-1609
2024-01-16 16:15:09
cve
cve
CVE-2022-1609
2024-01-16 16:15:09
cvelist
cvelist
CVE-2022-1609 The School Management < 9.9.7 - Unauthenticated RCE via REST api
2024-01-16 15:52:21
wpexploit
wpexploit
The School Management < 9.9.7 - Unauthenticated RCE via REST api
2022-05-18 00:00:00
patchstack
patchstack
WordPress School Management Pro premium plugin < 9.9.7 - Unauthenticated Remote Code Execution (RCE) via REST API
2022-05-20 00:00:00
thn
thn
Researchers Find Backdoor in School Management Plugin for WordPress
2022-05-21 05:11:00
saint
saint
Weblizar School Management Pro plugin backdoor
2022-08-12 00:00:00
nuclei
nuclei
The School Management < 9.9.7 - Remote Code Execution
2022-05-26 06:25:43

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.389

Percentile

97.3%

JSON
Related for SAINT:199B4764E7C4AB09BDCC5427977F0F3D
githubexploit5wpvulndb1attackerkb1prion1nvd1cve1cvelist1wpexploit1patchstack1thn1saint1nuclei1