5 matches found
CVE-2024-9658
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password...
CVE-2024-9658
creationtimestamp| type| source ---|---|--- 2025-03-07 08:34:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6811 2025-03-07 11:48:59+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114120991612311147...
CVE-2024-9658 School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password...
CVE-2024-9658
CVE-2024-9658 affects the WordPress plugin “School Management System for Wordpress” up to version 93.0.0. The root causes are improper identity validation during updates to user data (email/password) via mj_smgt_update_user() and mj_smgt_add_admission(), and a local file inclusion vulnerability. ...
CVE-2024-9658 School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation
The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password...