This is a summary of the AI-generated 10-question deep analysis. The full version (longer answers, follow-up Q&A, related CVEs) requires login.
Q1: What is this vulnerability? (Essence + Consequences)
**Essence**: A critical **Code Injection** vulnerability in School Management Pro. It stems from a **hidden backdoor** in the REST API. …
**Root Cause**: The flaw is a **hidden backdoor** embedded within the **REST API** endpoint (`/wp-json/am-member/license`). It allows unauthenticated input to be executed as system commands. …
**Affected Product**: **School Management Pro** by Weblizar (WordPress plugin). **Versions**: **6.0** up to **9.9.6**. **Vendor**: Weblizar (Indian company). If you use these versions, you are at risk!
Q4: What can hackers do? (Privileges/Data)
**Attacker Capabilities**: Full **Remote Code Execution (RCE)**. **Privileges**: The PoC shows execution as `www-data` (the web server user). …
**Public Exploits**: **YES**. Multiple PoCs are available on GitHub (e.g., `savior-only`, `0xSojalSec`, `WitchWatcher`). **Tools**: Bash scripts (`exploit.sh`) and curl commands are publicly shared. …
**Self-Check**: Scan for the specific REST endpoint: `/wp-json/am-member/license`. **Test**: Send a POST request with `blowf=system('id')`. If the response contains `uid=33(www-data)`, you are vulnerable! …
**Official Fix**: The data does not list a specific patch date, but the vulnerability was published in Jan 2024. **Action**: You must **update** to a version > 9.9.6 immediately if available, or remove the plugin. …
**No Patch Workaround**:
1. **Disable/Remove** the plugin immediately.
2. **Block** the endpoint `/wp-json/am-member/license` via WAF or firewall.
3. …
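As an added example (not part of the original analysis or of the plugin), a small Python scan over constructed access-log lines that flags every request to the backdoor route, so a defender can check whether the endpoint was hit before it was blocked. It covers both the pretty-permalink form and WordPress's `?rest_route=` fallback; the IPs, timestamps and user agents in the sample are fictitious.

```python
import re
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample lines in combined log format; addresses and times are made up.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Jan/2024:10:01:02 +0000] "POST /wp-json/am-member/license HTTP/1.1" 200 57 "-" "curl/8.4.0"
198.51.100.9 - - [12/Jan/2024:10:01:05 +0000] "GET /wp-json/wp/v2/posts?per_page=5 HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Jan/2024:10:01:09 +0000] "GET /?rest_route=/am-member/license&blowf=system%28%27id%27%29 HTTP/1.1" 200 3312 "-" "python-requests/2.31"
192.0.2.4 - - [12/Jan/2024:10:02:00 +0000] "GET /wp-admin/admin-ajax.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
ROUTE = "/am-member/license"  # the REST route named in the analysis


def is_license_endpoint(target: str) -> bool:
    """True if the request targets the backdoor route, either as
    /wp-json/am-member/license (any install prefix) or through the
    ?rest_route= query form that WordPress accepts when pretty permalinks are off."""
    parsed = urlparse(target)
    path = unquote(parsed.path).rstrip("/").lower()
    if path.endswith("/wp-json" + ROUTE):
        return True
    route = parse_qs(parsed.query).get("rest_route", [""])[0]
    return route.rstrip("/").lower() == ROUTE


def scan_access_log(text: str) -> list[dict]:
    """One finding per request that reaches the route. Access logs carry no POST
    body, so a POST is flagged on the path alone; the 'blowf' parameter is only
    visible here when it travels in the query string (a WAF log would show both)."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_license_endpoint(m["target"]):
            continue
        query = parse_qs(urlparse(m["target"]).query)
        findings.append({
            "ip": m["ip"], "ts": m["ts"], "method": m["method"],
            "status": int(m["status"]), "blowf_in_query": "blowf" in query,
        })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
```

A 200 response on a POST to this route is the strongest signal, since the legitimate plugin traffic has no reason to hit it unauthenticated.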
**Urgency**: **CRITICAL**. **Priority**: **P0**. Since it is an unauthenticated RCE with public exploits, your server is likely being scanned right now. Patch or mitigate **TODAY**. Do not wait!