Vulnerability Details CVE-2024-12610
The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 20.7%
CVSS Severity
CVSS v3 Score 5.3
References
Products affected by CVE-2024-12610
-
cpe:2.3:a:dasinfomedia:school_management_system:-