Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

School Management System Security Vulnerabilities

cve
cve

CVE-2017-14843

Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

8.8CVSS

9.1AI Score

0.001EPSS

2017-09-28 01:29 AM
30
cve
cve

CVE-2021-24575

The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to tea...

8.8CVSS

8.9AI Score

0.001EPSS

2021-11-08 06:15 PM
23
cve
cve

CVE-2021-24664

The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.

4.8CVSS

4.8AI Score

0.001EPSS

2021-11-08 06:15 PM
54
cve
cve

CVE-2023-4776

The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.

8.8CVSS

9AI Score

0.001EPSS

2023-10-16 08:15 PM
31