cleantalk
Vulnerabilities and Security Researches

Student Result or Employee Database, CVE-2022-2312

CVE, Research URL

CVE-2022-2312

Home page URL

Security reports for Student Result or Employee Database

Application

Student Result or Employee Database

Published on
Aug 22, 2022
Research Description
The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions, allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site scripting
Affected versions
max 1.7.5.
Status
vulnerable
Previous vulnerability researches
Student Result or Employee Database (4f89f73d790d9e6f578d23ebcad8884710e982f2) , Jun 16, 2026
Student Result or Employee Database (af2fead6-9f8e-4c00-ac50-440de969ca42) , Jun 16, 2026
Student Result or Employee Database (602eb53e67fc9a4dd6d8ee19c4a1966aade0d789) , Jun 16, 2026
Student Result or Employee Database (b924353f6fd68617f83ce8598055a099e3f42ae0) , Jun 16, 2026
Student Result or Employee Database (CVE-2017-14766) , Jun 07, 2024
New vulnerability
leenk.me (753d31765913b4d2dbb8af0a5512e5f1f8c70c61) , Jun 16, 2026
Social Hashtags (5abd4657-8a58-4d97-b8cb-b67235ab5b8a) , Jun 16, 2026
Social Hashtags (1965c7b04565befbb11c28b56cb6922733a47b03) , Jun 16, 2026
Social Hashtags (a7cf6766582e354e702766a86f85716127d19bdc) , Jun 16, 2026
Simple Calendar – Google Calendar Plugin (e98a6264-9c5a-417f-b2f8-bd0017b411a0) , Jun 16, 2026