CVE-2022-1609

CRITICAL

CVSS v3

9.8

CRITICAL

EPSS Score

93.5%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.

Technical Details

Published
1/16/2024

Frequently Asked Questions

What is CVE-2022-1609?

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.

Is CVE-2022-1609 actively exploited?

Active exploitation of CVE-2022-1609 has not been confirmed. The EPSS score is 93.5%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2022-1609?

CVE-2022-1609 has a CVSS v3 base score of 9.8 (CRITICAL severity).

Is CVE-2022-1609 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.