Weblizar School Management vulnerabilities
2 known vulnerabilities affecting weblizar/school_management.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2022-1609P1CRITICALCVSS 9.8ExploitedPoCfixed in 9.9.72024-01-16
CVE-2022-1609 [CRITICAL] CWE-94 CVE-2022-1609: The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
nvd
CVE-2024-33911P3HIGHCVSS 7.2≤ 10.3.42024-05-02
CVE-2024-33911 [HIGH] CWE-89 CVE-2024-33911: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Weblizar School Management Pro.This issue affects School Management Pro: from n/a through 10.3.4.
nvd