The School Management < 9.9.7 - Unauthenticated RCE via REST api
CVE-2022-1609

9.8CRITICAL

Key Information:

Vendor: WordPress
Status: School-management-pro
Vendor: CVE Published:; 16 January 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The School Management WordPress plugin, prior to version 9.9.7, is susceptible to a security vulnerability involving an obfuscated backdoor within its license checking mechanism. This backdoor registers a REST API handler that potentially allows an unauthorized attacker to execute arbitrary PHP code on affected websites. The exposure through this backdoor increases the risk of exploitation on WordPress installations utilizing this plugin, making it imperative for site administrators to update to the latest version to mitigate this security concern.

Affected Version(s)

school-management-pro 0 < 9.9.7

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2022-1609 - Proof of Concept

-CVE-2022-1609
Created by 0xSojalSec

CVE-2022-1609
Created by savior-only

References

https://wpscan.com/vulnerability/e2d546c9-85b6-47a4-b951-...

exploitvdb-entrytechnical-description

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2024
🟡
Public PoC available
Apr 22, 2023
👾
Exploit known to exist
Apr 22, 2023
Vulnerability Reserved
May 6, 2022

Collectors

NVD DatabaseMitre Database4 Proof of Concept(s)

Credit

Jetpack Scan Team + WordPress elevated support team

WPScan