Description

Insufficient validation of profile field availability condition resulted in an SQL injection risk (by default only available to teachers and managers).

Remediation

References

CVE-2023-28329

Related Vulnerabilities

WordPress Plugin Vmax Project Manager Local File Inclusion (1.1)

Collabtive Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2015-0258)

WordPress 3.7.x Possible SQL Injection Vulnerability (3.7 - 3.7.22)

WordPress 4.6.x Multiple Vulnerabilities (4.6 - 4.6.8)

WordPress Plugin Relevanssi-A Better Search SQL Injection (3.2)

Severity

High

Classification

CVE-2023-28329 CWE-138 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities