CVE-2022-2312
This CVE affects the WordPress plugin “Student Result or Employee Database” (versions before 1.7.5). The plugin lacks CSRF protection in its AJAX actions, enabling a logged-in user with low privileges (as low as contributor) to perform add/edit/delete actions via CSRF. Additionally, insufficient sani...