Vulnerabilities > Igexsolutions > Wpschoolpress > 2.1.15
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-16 | CVE-2023-4776 | SQL Injection vulnerability in Igexsolutions Wpschoolpress The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers. | 8.8 |
2021-11-08 | CVE-2021-24664 | Cross-site Scripting vulnerability in Igexsolutions Wpschoolpress The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues. | 3.5 |