Volerion logoVolerion
Volerion logoVolerion

School Management System for WordPress SQL Injection Vulnerability in Attendance View Page

Vulnerability

A SQL injection vulnerability has been identified in the School Management System for WordPress plugin, affecting all versions through 92.0.0. The issue arises on the 'view-attendance' page, where insufficient escaping of user-supplied parameters and inadequate preparation of the SQL query in the 'mj_smgt_view_student_attendance()' function create an opportunity for exploitation. This vulnerability allows authenticated attackers with Student-level access or higher to inject additional SQL queries into existing ones, potentially leading to the extraction of sensitive information from the database.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can manipulate SQL queries to access or modify database information. In this case, it could be used to extract sensitive data from the database.

Remediation

Users are advised to update the School Management System for WordPress plugin to version 93.0.0 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread
0.8
impact
2.5
exploitability
5.2
remediation
7.7
relevance
0.0
threat
0.0
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.