CVE-2024-12611

Name of the Vulnerable Software and Affected Versions School Management System for Wordpress plugin versions up to, and including, 93.0.0

Description The issue arises from insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts via the title parameter. This enables attackers to execute scripts if they can trick a user into performing a specific action, such as clicking on a link.

Recommendations For versions up to, and including, 93.0.0, consider restricting input for the title parameter to prevent arbitrary script injection until a patch is available. As a temporary workaround, avoid using the title parameter in sensitive pages to minimize the risk of exploitation.