cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12332,https://securityvulnerability.io/vulnerability/CVE-2024-12332,SQL Injection Vulnerability in WPSchoolPress Plugin for WordPress,"The WPSchoolPress plugin for WordPress suffers from a SQL Injection vulnerability, identified in all versions up to and including 2.2.14. This vulnerability arises from inadequate escaping of user-supplied input in the 'cid' parameter and insufficient preparation of SQL queries. Consequently, authenticated attackers with Student/Parent-level access and higher may manipulate existing SQL queries to append additional commands, potentially allowing them to retrieve confidential information from the database. This presents a significant risk to the security and integrity of user data within the system.",Wordpress,School Management System – WPschoolpress,6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,false,false,false,2025-01-07T04:22:18.694Z,0
CVE-2024-9637,https://securityvulnerability.io/vulnerability/CVE-2024-9637,Privilege Escalation Vulnerability Affects School Management System,"The WPSchoolPress plugin for WordPress is susceptible to a vulnerability that facilitates privilege escalation through account takeover, affecting all versions up to and including 2.2.10. This vulnerability stems from the plugin's failure to correctly validate user identities when changing account details, such as email addresses. As a result, authenticated attackers with teacher-level access or higher can exploit this flaw to alter any user's email address, including those of administrators. This action can lead to a reset of the user's password, granting the attacker unauthorized access to the compromised account, thereby compromising the integrity and security of the system.",Wordpress,School Management System – WPschoolpress,8.8,HIGH,0.0005000000237487257,false,,false,false,false,,false,false,2024-10-26T08:36:00.481Z,0
CVE-2021-24664,https://securityvulnerability.io/vulnerability/CVE-2021-24664,WPSchoolPress < 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting,"The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.",Wordpress,School Management System – WPschoolpress,4.8,MEDIUM,0.0008999999845400453,false,,false,false,false,,false,false,2021-11-08T17:34:58.000Z,0
CVE-2021-24575,https://securityvulnerability.io/vulnerability/CVE-2021-24575,WPSchoolPress < 2.1.10 - Multiple Authenticated SQL Injections,"The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.",Wordpress,School Management System – WPschoolpress,8.8,HIGH,0.001120000029914081,false,,false,false,false,,false,false,2021-11-08T17:34:44.000Z,0