Vulnerabilities and security researches forattendance-manager attendance-manager

Jun 06, 2024

CVE, Research URL: CVE-2019-5970
Home page URL: Security reports for Attendance Manager
Application: Attendance Manager
Date: Jul 05, 2019
Research Description: Cross-site scripting vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected versions: max 0.5.7.
Status: vulnerable

CVE, Research URL: CVE-2019-5971
Home page URL: Security reports for Attendance Manager
Application: Attendance Manager
Date: Jul 05, 2019
Research Description: Cross-site request forgery (CSRF) vulnerability in Attendance Manager 0.5.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
Affected versions: max 0.5.7.
Status: vulnerable

Apr 18, 2025

CVE, Research URL: CVE-2025-39515
Home page URL: Security reports for Attendance Manager
Application: Attendance Manager
Date: Apr 16, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tnomi Attendance Manager attendance-manager allows Stored XSS.This issue affects Attendance Manager: from n/a through <= 0.6.2.
Affected versions: max 0.6.2.
Status: vulnerable

Apr 13, 2026

CVE, Research URL: CVE-2026-3781
Home page URL: Security reports for Attendance Manager
Application: Attendance Manager
Date: Apr 08, 2026
Research Description: The Attendance Manager plugin for WordPress is vulnerable to SQL Injection via the 'attmgr_off' parameter in all versions up to, and including, 0.6.2. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected versions: max 0.6.2.
Status: vulnerable

Jun 16, 2026

CVE, Research URL: d61a53a5132d4f127db04c355b728189ae540eb5
Home page URL: Security reports for Attendance Manager
Application: Attendance Manager
Date: Jul 10, 2019
Research Description: Attendance Manager [attendance-manager] < 0.5.7 (closed) WordPress Attendance Manager plugin <= 0.5.6 - Cross-Site Request Forgery CSRF and Cross-Site Scripting (XSS) vulnerabilities Cross-Site Request Forgery CSRF and Cross-Site Scripting (XSS) vulnerabilities found in WordPress Attendance Manager plugin (versions <= 0.5.6).
Affected versions: max 0.5.7.
Status: vulnerable