CVE-2023-4776

CVSS 3.1 Score 3.7 of 10 (low)

Details

Published Oct 16, 2023

Updated: Nov 7, 2023

CWE ID 290

Summary

CVE-2023-4776 is a vulnerability affecting the School Management System WordPress plugin before version 2.2.5. This issue allows relatively low-privilege users, such as Teachers, to execute SQL injection attacks. The plugin fails to properly prepare queries using WordPress's esc_sql() function, instead applying it to a field that is not quoted. Consequently, an attacker can inject malicious SQL code, leading to unauthorized data access or manipulation. Users are advised to update the plugin to prevent potential exploitation.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tV5Iw6
https://www.cve.org/CVERecord?id=CVE-2023-4776
https://nvd.nist.gov/vuln/detail/CVE-2023-4776

Back to Vulnerability Database

CVE-2023-4776

CVSS 3.1 Score 3.7 of 10 (low)

Details

Summary

Advisories, Assessments, and Mitigations