ThreatPress

WordPress Vulnerabilities Database

WordPress Student Result or Employee Database plugin <=1.6.3 - Authorization Bypass vulnerability

Product
Student Result or Employee Database
Description
An authorization bypass vulnerability, discovered by Lim Benjamin, was found in the WordPress Student Result or Employee Database plugin version 1.6.3 and earlier versions. Some functions of the plugin do not check authorization. A specific Google dork could be used to find vulnerable websites.
Solution
Update the WordPress Student Result or Employee Database plugin to the latest available version (at least 1.6.4).
Classification
Type BYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <=1.6.3
Fixed In 1.6.4
Disclosure date
2017-09-28
Credits
Lim Benjamin
Submitter
ThreatPress