PT-2023-30593 · WordPress · School Management System

Author: Dao Xuan Hieu · Published: 2023-10-16 · Updated: 2023-10-19 · CVE-2023-4776

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: School Management System WordPress plugin versions prior to 2.2.5

Description: The issue is a SQL injection that can be exploited by relatively low-privileged users, such as Teachers. It occurs because the WordPress esc_sql() function is applied to a value that is inserted into the query without surrounding quotes, and the query is not first prepared; esc_sql() only escapes quote characters, so it offers no protection in an unquoted position.

Recommendations: For versions prior to 2.2.5, update to version 2.2.5 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive database queries to minimize the risk of exploitation.
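As an added illustration (not the plugin's own code), the pattern the description refers to beside its prepared-statement fix; the function and table names are hypothetical:

```php
<?php
// Added illustration, not the School Management System plugin's code.
// Assumes a hypothetical handler that looks up a student record by a numeric
// id supplied by a logged-in user holding the Teacher role.

// PATTERN DESCRIBED IN THE ADVISORY: esc_sql() only escapes quote characters.
// When the result is interpolated into an unquoted position (here an integer
// comparison), any input that contains no quotes passes through unchanged and
// is parsed as part of the SQL statement.
function sms_get_student_unprepared( $student_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'sms_students';            // hypothetical table name
    $id    = esc_sql( $student_id );                    // escapes quotes only
    $sql   = "SELECT * FROM {$table} WHERE id = {$id}"; // unquoted and unprepared
    return $wpdb->get_row( $sql );
}

// HARDENED PATTERN: coerce the value to the expected type and bind it with
// $wpdb->prepare(); the %d placeholder guarantees an integer literal, so the
// value can never be interpreted as SQL. Capability and nonce checks on the
// request remain the caller's responsibility.
function sms_get_student_prepared( $student_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'sms_students';            // hypothetical table name
    $id    = absint( $student_id );                     // non-numeric input becomes 0
    $sql   = $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $id );
    return $wpdb->get_row( $sql );
}
```

For string columns the same rule applies: use a quoted %s placeholder in $wpdb->prepare() rather than relying on esc_sql() alone.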

Tags: Exploit · Fix · SQL injection
