3 matches found
CVE-2024-9637 School Management System – WPSchoolPress <= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it...
CVE-2024-9637
CVE-2024-9637 concerns the WordPress plugin School Management System – WPSchoolPress . The vulnerability is an Insecure Direct Object Reference (IDOR) that enables privilege escalation via account takeover. An authenticated user with teacher-level access or above can alter other users’ emails (in...
WordPress WPSchoolPress Plugin <= 2.2.10 is vulnerable to Insecure Direct Object References (IDOR)
Software WPSchoolPress Type Plugin Vulnerable versions = 2.2.10 Fixed in 2.2.11 OWASP Top 10 A3: Injection Classification Insecure Direct Object References IDOR CVE CVE-2024-9637 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID d50363b8f523 Credits wesley wcraft Required...