itworksig

1 exploit Active since Jan 2024
CVE-2022-1609 NOMISEC CRITICAL WORKING POC
School Management WordPress Plugin < 9.9.7 - Unauthenticated Remote Code Execution via Backdoor REST API Handler
The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.
1 stars
CVSS 9.8