CVE-2022-1609 Scanner
Detects 'Remote Code Execution (RCE)' vulnerability in School Management Pro plugin for WordPress affects v. before 9.9.7.
Short Info
Level
Critical
Type
Single Scan
Can be used by
Asset Owner
Estimated Time
10 sec
Scan only one
Domain, Ipv4
Parent Category
CVE-2022-1609 Scanner Detail
School Management Pro plugin for WordPress is an add-on that supposedly manages the entirety of school operations. It is widely used in schools to streamline operations that range from fee payments to exam results. This plugin must be installed on any WordPress website where such operations are required.
The School Management Pro plugin has been found to contain the CVE-2022-1609 vulnerability, an incredibly dangerous backdoor that allows anonymous attackers to execute arbitrary PHP code on websites where the plugin is installed. The vulnerability is available in all versions of the plugin before version 9.9.7, making it a widespread issue that can be easily exploited by hackers.
This vulnerability can be exploited by attackers to gain unauthorized access to the website, resulting in various malicious activities. If it is left unaddressed, the vulnerability can lead to website defacement, unauthorized data access, and data theft. Hackers can use this backdoor to control a website, intercept valuable data, and cause extensive damage to the network and its systems.
Thanks to the pro features of the securityforeveryone.com platform, readers of this article can easily and quickly learn about vulnerabilities in their digital assets. The platform features user-friendly security solutions and presents daily detailed information on vulnerabilities in popular plugins and digital assets. With a comprehensive report on current security risks, securityforeveryone.com allows website owners and their teams to stay informed and make the right decisions with the correct security measures.
REFERENCES
- https://www.broadcom.com/support/security-center/attacksignatures/detail?asid=33763
- https://patchstack.com/database/vulnerability/school-management-pro/wordpress-school-management-pro-premium-plugin-9-9-7-unauthenticated-remote-code-execution-rce-via-rest-api
- https://www.cybersecurity-help.cz/vdb/SB2022052325
- https://github.com/savior-only/CVE-2022-1609
- https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-781b9ae5d0f2/
control security posture