WordPress Plugin Vulnerabilities

WPSchoolPress < 2.1.10 - Multiple Authenticated SQL Injections

Description

The plugin does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.

Proof of Concept

Affects Plugins

Plugin icon
wpschoolpress
Fixed in 2.1.10

References

CVE
CVE-2021-24575

Classification

Type
SQLI
OWASP top 10
A1: Injection
CWE
CWE-89
CVSS
7.7 (high)

Miscellaneous

Original Researcher
ZhongFu Su(JrXnm) of Wuhan University
Submitter
ZhongFu Su(JrXnm) of Wuhan University
Submitter website
https://blog.szfszf.top
Verified
Yes
WPVDB ID
83c9c3af-9eca-45e0-90d7-edc69e616e6a

Timeline

Publicly Published
2021-10-11 (about 4 years ago)
Added
2021-10-11 (about 4 years ago)
Last Updated
2022-09-26 (about 3 years ago)

Other

Published
Title
Published
2022-11-07
Title
HTML Forms < 1.3.25 - Admin+ SQLi
Published
2023-12-21
Title
JS Help Desk < 2.8.2 - Unauthenticated SQL Injection via email and trackingid
Published
2025-05-01
Title
Advance Seat Reservation Management for WooCommerce < 3.4 - Unauthenticated SQL Injection
Published
2024-03-26
Title
WordPress Action Network 1.4.3 - Admin+ SQLi
Published
2022-11-14
Title
Chaty < 3.0.3 - Admin+ SQLi