School Management < 57.0 – CSRF and Stored XSS | Plugin Vulnerabilities

Description

CSRF and Stored XSS (Cross Site Scripting)

Edit (WPScanTeam):
June 17th - Issue Reported to Envato
June 17th - Envato Support confirmed they are investigating the issue
June 28th - New version released, fixing the XSS but not the CSRF. Envato notified
July 5th - Demo fixed, new version to be released
July 11th - v57.0 released

Proof of Concept

Video POC : https://drive.google.com/file/d/138mNHBVRXViciHmLBpwPjE5HFgEa2DOK/view?usp=sharing

HTML_FILE : https://drive.google.com/file/d/1lIs8LdFWu9ra8hwEKoAKuU3DpXyuxx_H/view?usp=sharing

Affects Plugins

school-management

Fixed in 57.0

References

URL

https://codecanyon.net/item/school-management-system-for-wordpress/11470032

Miscellaneous

Original Researcher

m0ns7er

Submitter

Akash Labade

Submitter website

https://www.asfaleia.tech

Submitter twitter

Verified

Yes

WPVDB ID

7fc2685f-a9e1-41e5-8c58-8f1bdb1759b6

Timeline

Publicly Published

2019-07-11 (about 6 years ago)

Added

2019-07-11 (about 6 years ago)

Last Updated

2019-11-27 (about 6 years ago)

Other

Published

Title

Published

2014-12-12

Title

WP Popup <= 1.3 - XSS & CSRF

Published

2014-08-01

Title

GRAND Flash Album Gallery - Multiple Vulnerabilities

Published

2015-04-29

Title

TheCartPress < 1.3.9.3 - Multiple Vulnerabilities

Published

2014-12-14

Title

Lightbox Photo Gallery 1.0 - CSRF/XSS

Published

2020-07-06

Title

Security & Malware scan by CleanTalk < 2.51 - Security Nonce Leak leading to Unauthorised AJAX call