Vulnerability Details CVE-2022-2381
The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.4%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2022-2381
-
cpe:2.3:a:e_unlocked_-_student_result_project:e_unlocked_-_student_result:-
-
cpe:2.3:a:e_unlocked_-_student_result_project:e_unlocked_-_student_result:1.0.4