CVE-2022-2312 Information

Description

The Student Result or Employee Database WordPress plugin before 1.7.5 does not have CSRF in its AJAX actions allowing attackers to make logged in user with a role as low as contributor to add/edit and delete students via CSRF attacks. Furthermore due to the lack of sanitisation and escaping it could also lead to Stored Cross-Site scripting

Reference

https://wpscan.com/vulnerability/7548c1fb-77b5-4290-a297-35820edfe0f8