Description
Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Forms for Mailchimp PHP Code Injection (6.5.2)
PHP Improper Preservation of Permissions Vulnerability (CVE-2020-7063)
WordPress Plugin WP Symposium Multiple SQL Injection Vulnerabilities (12.09)
Artifactory Improper Privilege Management Vulnerability (CVE-2022-0668)
WordPress Plugin Login Block IPs Cross-Site Request Forgery (1.0.0)