CVE-2022-2381

Name of the Vulnerable Software and Affected Versions The E Unlocked - Student Result WordPress plugin versions 1.0.0 through 1.0.4

Description The issue is related to a lack of CSRF protection and validation when uploading the School logo, allowing attackers to make a logged-in admin upload arbitrary files, such as PHP, via a CSRF attack.

Recommendations For versions 1.0.0 through 1.0.4, consider disabling the logo upload feature until a patch is available to prevent exploitation. Restrict access to the logo upload module to minimize the risk of arbitrary file uploads. Avoid using the affected plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.