Vulnerability in School-management-pro

CVE-2022-1609

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected into its license-checking code. The backdoor registers a REST API handler that allows an unauthenticated attacker to execute arbitrary PHP code on the site.

EPSS: 0.935 (99.8th percentile)

Affected products

  • School-management-pro (vendor unknown) — versions: 0 as recorded; the description above states that versions before 9.9.7 are affected

Frequently asked questions

What is CVE-2022-1609?
CVE-2022-1609 is a vulnerability in School-management-pro, classified under CWE-94 Improper Control of Generation of Code ('Code Injection'). Published 2024-01-16.
Is CVE-2022-1609 known to be exploited?
22 public proof-of-concept repositories are indexed. It is not currently listed in the CISA KEV catalog.