cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for simple-student-result

Jun 16, 2026

Student Result or Employee Database # 4f89f73d790d9e6f578d23ebcad8884710e982f2

Date
Sep 28, 2017
Research Description
Student Result or Employee Database [simple-student-result] < 1.6.4. WordPress Student Result or Employee Database plugin <= 1.6.3 - Authorization Bypass vulnerability. Authorization Bypass vulnerability found by Lim Benjamin in WordPress Student Result or Employee Database plugin version 1.6.3 and earlier versions. A specific Google dork could find vulnerable websites. Some functions of the plugin do not check the authorization.
Affected versions
max 1.6.4.
Status
vulnerable

Student Result or Employee Database # af2fead6-9f8e-4c00-ac50-440de969ca42

Date
-
Research Description
Student Result or Employee Database [simple-student-result] < 1.7.5. Student Result or Employee Database < 1.8.0 - Unauthorised REST Calls. The plugin has a flawed permission callback in its REST endpoints, allowing unauthenticated attackers to call them and, for example, add, edit or delete arbitrary students.
Affected versions
max 1.7.5.
Status
vulnerable

Student Result or Employee Database # 602eb53e67fc9a4dd6d8ee19c4a1966aade0d789

Date
Aug 01, 2022
Research Description
Student Result or Employee Database [simple-student-result] < 1.8.0. Student Result or Employee Database <= 1.7.9 - Missing Authorization. The Student Results or Employee Database plugin for WordPress is vulnerable to unauthorized REST calls in versions up to, and including, 1.7.9. This is due to a flawed permission callback in the plugin's REST endpoints. This makes it possible for unauthenticated attackers to use these endpoints to add, modify or delete students.
Affected versions
max 1.8.0.
Status
vulnerable

Student Result or Employee Database # b924353f6fd68617f83ce8598055a099e3f42ae0

Date
Aug 01, 2022
Research Description
Student Result or Employee Database [simple-student-result] < 1.8.0. WordPress Student Result or Employee Database plugin <= 1.7.9 - Unauthorized REST Calls vulnerability. Unauthorized REST Calls vulnerability discovered by WPScanTeam in WordPress Student Result or Employee Database plugin (versions <= 1.7.9). Update the WordPress Student Result or Employee Database plugin to the latest available version (at least 1.8.0).
Affected versions
max 1.8.0.
Status
vulnerable
Jun 07, 2024

Student Result or Employee Database # CVE-2017-14766

CVE, Research URL

CVE-2017-14766

Date
Sep 27, 2017
Research Description
The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.
Affected versions
max 1.6.4.
Status
vulnerable

Student Result or Employee Database # CVE-2022-2312

CVE, Research URL

CVE-2022-2312

Date
Aug 22, 2022
Research Description
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF checks in its AJAX actions, allowing attackers to make a logged-in user with a role as low as contributor add, edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to stored cross-site scripting.
Affected versions
max 1.7.5.
Status
vulnerable