Authentication Bypass Vulnerability in Simple Student Result Plugin for WordPress

Authentication Bypass Vulnerability in Simple Student Result Plugin for WordPress

CVE-2017-14766 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:P

The Simple Student Result plugin before 1.6.4 for WordPress has an Authentication Bypass vulnerability because the fn_ssr_add_st_submit() function and fn_ssr_del_st_submit() function in functions.php only require knowing the student id number.

Learn more about our Wordpress Pen Testing.