CVE-2022-1609
- Reference to the description:
- Description:
- The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
- Last updated date:
- 01/22/2024
Reports
ACTIVELY EXPLOITED
- Type:
- exploitation
- Confidence:
- HIGH
- Date of publishing:
- 11/16/2022
- Reference url to background
https://unit42.paloaltonetworks.com/network-security-trends-update/
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 05/27/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/03/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 06/09/2022
- Reference url to background
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 01/22/2024
- Reference url to background
https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2/