CVE-2021-24575

Name of the Vulnerable Software and Affected Versions WPSchoolPress WordPress plugin versions prior to 2.1.10

Description The issue arises from the improper sanitization or use of prepared statements for POST variables in SQL queries, leading to SQL injection. This affects multiple actions available to various authenticated users, including subscribers, students, teachers, and those with higher privileges.

Recommendations For versions prior to 2.1.10, update to version 2.1.10 or later to resolve the issue. As a temporary workaround, consider restricting access to actions that utilize POST variables in SQL queries until the update is applied.