Zercurity data services
  • Expand groupSummary
  • Applications (0)
  • Packages (0)
  • System updates (0)
  • Operating systems (0)

CVE-2022-2381

Description
The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack
  • Risk: 88
CVSSv3
    CVSSv2

      Raw Object

      {
  "uuid": "45472802-0650-2b47-175a-470b6773535b",
  "name": "CVE-2022-2381",
  "description": "The E Unlocked - Student Result WordPress plugin through 1.0.4 is lacking CSRF and validation when uploading the School logo, which could allow attackers to make a logged in admin upload arbitrary files, such as PHP via a CSRF attack",
  "cvss": null,
  "score": 0,
  "severity": "NONE",
  "cvss3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
  "score3": 8.8,
  "severity3": "HIGH",
  "applications": [],
  "packages": [],
  "updates": [],
  "os": [],
  "risk": 88,
  "created_at": "2022-08-15T11:21:00+00:00",
  "updated_at": "2022-08-16T18:08:00+00:00",
  "deleted_at": null
}