The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2/ | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:52:21.658Z
Updated: 2024-01-16T15:52:21.658Z
Reserved: 2022-05-06T13:37:51.235Z
Link: CVE-2022-1609
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-16T16:15:09.530
Modified: 2024-01-22T19:59:05.563
Link: CVE-2022-1609
JSON object: View
Redhat Information
No data.
CWE