Cross-Site Request Forgery in SakolaWP School Management System for WordPress
CVE-2024-13647
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 27 February 2025
What is CVE-2024-13647?
The SakolaWP School Management System plugin for WordPress has a vulnerability that allows Cross-Site Request Forgery due to inadequate nonce validation on critical actions such as 'save_exam_setting' and 'delete_exam_setting'. Unauthenticated attackers can exploit this flaw by tricking site administrators into performing unintended actions, potentially compromising exam setting configurations.
Affected Version(s)
School Management System – SakolaWP * <= 1.0.8