5 matches found
CVE-2024-12607
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2024-12607
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2024-12607 School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task'
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2024-12607 School Management System for Wordpress <= 92.0.0 - Authenticated (Subscriber+) SQL Injection via 'mj_smgt_show_event_task'
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mjsmgtshoweventtask' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparatio...
CVE-2024-12607
CVE-2024-12607 affects the WordPress plugin “School Management System for WordPress.” It is an SQL Injection via the id parameter of the mj_smgt_show_event_task AJAX action in all versions up to and including 92.0.0. Exploitation requires authenticated access at Custom level or higher, enabling a...