21 matches found
WordPress Easy Student Results <=2.2.8 - Improper Authorization
WordPress Easy Student Results plugin through 2.2.8 is susceptible to information disclosure. The plugin lacks authorization in its REST API, which can allow an attacker to retrieve sensitive information related to courses, exams, and departments, as well as student grades and information such as...
EUVD-2022-34645
Malicious code in bioql PyPI...
CVE-2022-2378
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-2379
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-2379
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-2378
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-2378
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-2378
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
Cross site scripting
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
CVE-2022-2379 Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
The Easy Student Results WordPress plugin through 2.2.8 lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc...
CVE-2022-2379
CVE-2022-2379 affects the WordPress Easy Student Results plugin (versions ≤ 2.2.8). The REST API lacks proper authorization, allowing unauthenticated users to retrieve sensitive data: courses, exams, departments, student grades, and PII (email, physical address, phone). The CVSSv3.1 base score is...
CVE-2022-2378
The CVE-2022-2378 entry concerns the Easy Student Results WordPress plugin (versions 2.2.8 and earlier). The root cause, as documented across sources, is that user-supplied parameters are not properly sanitised or escaped before being echoed back in the page, resulting in a Reflected Cross-Site S...
CVE-2022-2378 Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting
The Easy Student Results WordPress plugin through 2.2.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting...
WordPress plugin Easy Student Results 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-16264 · WordPress · Easy Student Results
Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue concerns a lack of authorization in the REST API of the Easy Student Results WordPress plugin. This allows unauthenticated users to retrieve sensitive...
WordPress plugin Easy Student Results 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
PT-2022-16263 · WordPress · Easy Student Results
Name of the Vulnerable Software and Affected Versions: Easy Student Results WordPress plugin versions 2.2.8 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in...
Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc PoC When the "Enable API for Mobile Apps" settings...
Easy Student Results <= 2.2.8 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting https://example.com/wp-admin/admin.php?page=rpsresultbatch&edit=%3Cscript%3Ealert/XSS/%3C/script%3E...
Easy Student Results <= 2.2.8 - Sensitive Information Disclosure via REST API
The plugin lacks authorisation in its REST API, allowing unauthenticated users to retrieve information related to the courses, exams, departments as well as student's grades and PII such as email address, physical address, phone number etc When the "Enable API for Mobile Apps" settings...