2 matches found
WordPress WPSchoolPress plugin <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation vulnerability
Insecure Direct Object Reference to Authenticated Teacher+ Account Takeover/Privilege Escalation vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.10...
WordPress WPSchoolPress Plugin < 2.2.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software WPSchoolPress Type Plugin Vulnerable versions 2.2.5 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID f3154fce0e76 Credits Unknown Required privilege...