3 matches found
CVE-2022-2312
creationtimestamp| type| source ---|---|--- 2022-08-22 18:20:28+00:00| seen| https://t.me/cibsecurity/48475...
CVE-2022-2312
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it...
CVE-2022-2312
The CVE pertains to the WordPress plugin “Student Result or Employee Database” (versions before 1.7.5). It lacks CSRF protection in its AJAX actions, enabling a logged-in user with a low privilege (as low as contributor) to perform add/edit/delete actions via CSRF. Additionally, insufficient sani...