2 matches found
CVE-2022-2379
CVE-2022-2379 affects the WordPress Easy Student Results plugin (versions ≤ 2.2.8). The REST API lacks proper authorization, allowing unauthenticated users to retrieve sensitive data: courses, exams, departments, student grades, and PII (email, physical address, phone). The CVSSv3.1 base score is...
CVE-2022-2378
The CVE-2022-2378 entry concerns the Easy Student Results WordPress plugin (versions 2.2.8 and earlier). The root cause, as documented across sources, is that user-supplied parameters are not properly sanitised or escaped before being echoed back in the page, resulting in a Reflected Cross-Site S...