Dasinfomedia School Management System — known CVE vulnerabilities
Every CVE whose affected-product data names Dasinfomedia School Management System, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2024-9659 — CVSS 9.8 (critical): The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation…
CVE-2024-9658 — CVSS 8.8 (high): The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions…
CVE-2024-9660 — CVSS 8.8 (high): The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation…
CVE-2024-12607 — CVSS 6.5 (medium): The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the…
CVE-2024-12609 — CVSS 6.5 (medium): The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all…
CVE-2024-12611 — CVSS 5.3 (medium): The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter…
CVE-2024-12610 — CVSS 5.3 (medium): The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability…