Sploit.io - Search

Product: E Unlocked – Student Result, version: >= 1.0.4, <= 1.0.4

CVE-2022-2381

Severity: Unknown

Description: The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack

CVSS Score: N/A

Affected Products:

Unknown E Unlocked – Student Result - Versions: 1.0.4

References:

https://wpscan.com/vulnerability/c39c41bf-f622-4239-a0a1-4dfe0e079f7f