Themesawesome School Management System Sakolawp vulnerabilities
2 known vulnerabilities affecting themesawesome/school_management_system_sakolawp.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2024-12470P2CRITICALCVSS 9.8≤ 1.0.82025-01-07
CVE-2024-12470 [CRITICAL] CWE-266 CVE-2024-12470: The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation i
The School Management System – SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user.
nvd
CVE-2024-13647P4MEDIUMCVSS 4.3≤ 1.0.82025-02-27
CVE-2024-13647 [MEDIUM] CWE-352 CVE-2024-13647: The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request For
The School Management System – SakolaWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the 'save_exam_setting' and 'delete_exam_setting' actions. This makes it possible for unauthenticated attackers to update exam settings via a for
nvd