CVE-2024-9658

{"id": "CVE-2024-9658", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "security@wordfence.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2025-03-07T09:15:15.993", "references": [{"url": "https://codecanyon.net/item/school-management-system-for-wordpress/11470032", "tags": ["Product"], "source": "security@wordfence.com"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5fd7bca-7754-4f83-8e51-5278e6e8cc78?source=cve", "tags": ["Third Party Advisory"], "source": "security@wordfence.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security@wordfence.com", "description": [{"lang": "en", "value": "CWE-288"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password through the mj_smgt_update_user() and mj_smgt_add_admission() functions, along with a local file inclusion vulnerability. This makes it possible for authenticated attackers, with student-level access and above, to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account. This was escalated four months ago after no response to our initial outreach, yet it still vulnerable."}, {"lang": "es", "value": "El complemento School Management System for Wordpress para WordPress es vulnerable a la escalada de privilegios mediante la apropiaci\u00f3n de cuentas en todas las versiones hasta la 93.0.0 incluida. Esto se debe a que el complemento no valida correctamente la identidad de un usuario antes de actualizar sus datos, como el correo electr\u00f3nico y la contrase\u00f1a, a trav\u00e9s de las funciones mj_smgt_update_user() y mj_smgt_add_admission(), junto con una vulnerabilidad de inclusi\u00f3n de archivos locales. Esto hace posible que los atacantes autenticados, con acceso a nivel de estudiante y superior, cambien las direcciones de correo electr\u00f3nico y las contrase\u00f1as de usuarios arbitrarios, incluidos los administradores, y aprovechen eso para obtener acceso a su cuenta. Esto se intensific\u00f3 hace cuatro meses despu\u00e9s de que no recibimos respuesta a nuestro contacto inicial, pero a\u00fan es vulnerable."}], "lastModified": "2025-03-13T14:58:42.383", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:dasinfomedia:school_management_system:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "915C5AD7-1FB6-4393-BE7C-024C2416E81B", "versionEndIncluding": "93.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@wordfence.com"}