CVE-2023-4776 Information

Description

The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query leading to a SQL injection exploitable by relatively low-privilege users like Teachers.

Reference

https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df