Lucene search
K

3 matches found

Vulnrichment
Vulnrichment
added 2024/10/26 8:36 a.m.15 views

CVE-2024-9637 School Management System – WPSchoolPress <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it...

8.8CVSS7.3AI score0.00489EPSS
Exploits0References3
CVE
CVE
added 2024/10/26 8:36 a.m.55 views

CVE-2024-9637

CVE-2024-9637 concerns the WordPress plugin School Management System – WPSchoolPress . The vulnerability is an Insecure Direct Object Reference (IDOR) that enables privilege escalation via account takeover. An authenticated user with teacher-level access or above can alter other users’ emails (in...

8.8CVSS8.9AI score0.00489EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2024/10/25 12:0 a.m.14 views

WordPress WPSchoolPress Plugin <= 2.2.10 is vulnerable to Insecure Direct Object References (IDOR)

Software WPSchoolPress Type Plugin Vulnerable versions = 2.2.10 Fixed in 2.2.11 OWASP Top 10 A3: Injection Classification Insecure Direct Object References IDOR CVE CVE-2024-9637 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID d50363b8f523 Credits wesley wcraft Required...

8.8CVSS8.8AI score0.00489EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder