Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2025/03/09 8:33 a.m.9 views

CVE-2024-9658

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password...

8.8CVSS7.2AI score0.0034EPSS
Exploits0References1
Circl
Circl
added 2025/03/07 8:34 a.m.7 views

CVE-2024-9658

creationtimestamp| type| source ---|---|--- 2025-03-07 08:34:53+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/6811 2025-03-07 11:48:59+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114120991612311147...

8.8CVSS7.8AI score0.0034EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/03/07 8:21 a.m.6 views

CVE-2024-9658 School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password...

8.8CVSS7.5AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2025/03/07 8:21 a.m.44 views

CVE-2024-9658

CVE-2024-9658 affects the WordPress plugin “School Management System for Wordpress” up to version 93.0.0. The root causes are improper identity validation during updates to user data (email/password) via mj_smgt_update_user() and mj_smgt_add_admission(), and a local file inclusion vulnerability. ...

8.8CVSS7.5AI score0.0034EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/03/07 8:21 a.m.13 views

CVE-2024-9658 School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password...

8.8CVSS0.0034EPSS
Exploits0References2
Rows per page
Query Builder