CVE-2022-2312

CVE-2022-2312: Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF

Vendor Unknown
Product Student Result or Employee Database
Weakness CWE-639 · IDOR
Published August 22, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting

Key dates

02Disclosure timeline

August 22, 2022 CVE published
August 3, 2024 Record updated