Lucene search

Jetpack Scan Team and WordPress elevated support teamPATCHSTACK:C50B149DEB9C569BF1F7462025319F82

HistoryMay 20, 2022 - 12:00 a.m.

WordPress School Management Pro premium plugin < 9.9.7 - Unauthenticated Remote Code Execution (RCE) via REST API

2022-05-2000:00:00

Jetpack Scan Team and WordPress elevated support team

patchstack.com

0.166 Low

EPSS

Percentile

96.1%

JSON

Unauthenticated Remote Code Execution (RCE) via REST API discovered by Jetpack Scan Team and WordPress elevated support team in WordPress School Management Pro premium plugin (versions < 9.9.7).

Solution

           Update the WordPress School Management Pro premium plugin to the latest available version (at least 9.9.7).

CPENameOperatorVersion
school management prolt9.9.7

CPE	Name	Operator	Version
	school management pro	lt	9.9.7

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1609

jetpack.com/blog/backdoor-found-in-the-school-management-pro-plugin-for-wordpress/

weblizar.com/plugins/school-management/

0.166 Low

EPSS

Percentile

96.1%

JSON

Related for PATCHSTACK:C50B149DEB9C569BF1F7462025319F82