"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 9
Critical: 1
High: 3
Medium: 5
Threat Entry Updated 2026-01-06

CVE-2026-0544 - School Management System Plugin

A security flaw has been discovered in itsourcecode School Management System 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument ID results in SQL injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.

PLUGIN School Management System

CVE-2026-0544

MEDIUM CVSS 6.9 2026-01-01
Threat Entry Updated 2025-03-13

CVE-2024-9658 - School Management System Plugin

The School Management System for Wordpress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 93.0.0. This is due to the plugin not properly validating a user's identity prior to updating their details like email and password through the mj_smgt_update_user() and mj_smgt_add_admission() functions, along with a local file inclusion vulnerability. This makes it possible for authenticated attackers, with student-level access and above, to change arbitrary user's email addresses and passwords, including administrators, and leverage that to gain access to their account.…

PLUGIN School Management System

CVE-2024-9658

HIGH CVSS 8.8 2025-03-07
Threat Entry Updated 2025-07-07

CVE-2024-12611 - School Management System Plugin

The School Management System for Wordpress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'title' parameter in all versions up to, and including, 93.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

PLUGIN School Management System

CVE-2024-12611

MEDIUM CVSS 5.3 2025-03-07
Threat Entry Updated 2025-07-07

CVE-2024-12610 - School Management System Plugin

The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'mj_smgt_remove_feetype' and 'mj_smgt_remove_category_new' AJAX actions in all versions up to, and including, 93.0.0. This makes it possible for unauthenticated attackers to delete arbitrary posts.

PLUGIN School Management System

CVE-2024-12610

MEDIUM CVSS 5.3 2025-03-07
Threat Entry Updated 2025-07-07

CVE-2024-12609 - School Management System Plugin

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in the mj_smgt_view_student_attendance() function. This makes it possible for authenticated attackers, with Student-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN School Management System

CVE-2024-12609

MEDIUM CVSS 6.5 2025-03-07
Threat Entry Updated 2025-07-07

CVE-2024-12607 - School Management System Plugin

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'mj_smgt_show_event_task' AJAX action in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

PLUGIN School Management System

CVE-2024-12607

MEDIUM CVSS 6.5 2025-03-07
Threat Entry Updated 2025-07-12

CVE-2024-9660 - School Management System Plugin

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN School Management System

CVE-2024-9660

HIGH CVSS 8.8 2024-11-23
Threat Entry Updated 2025-07-12

CVE-2024-9659 - School Management System Plugin

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

PLUGIN School Management System

CVE-2024-9659

CRITICAL CVSS 9.8 2024-11-23
Threat Entry Updated 2025-04-23

CVE-2023-4776 - School Management System Plugin

The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and does not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.

PLUGIN School Management System

CVE-2023-4776

HIGH CVSS 8.8 2023-10-16