CVE-2022-2312: 
WordPress vulnerability analysis and mitigation

CVE-2022-2312 is a security vulnerability affecting the WordPress plugin 'Student Result or Employee Database' versions prior to 1.7.5. The vulnerability was discovered by Vinay Varma Mudunuri and Krishna Harsha Kondaveeti, and was publicly disclosed on August 1, 2022. This vulnerability combines Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) issues in the plugin's AJAX actions (WPScan).

The vulnerability stems from two main issues: lack of CSRF protection in AJAX actions and insufficient input sanitization and escaping. The vulnerability has been assigned a CVSS score of 6.1 (medium severity) and is associated with CWE-79 (Cross-site Scripting) and CWE-352 (Cross-Site Request Forgery) classifications. The vulnerability allows attackers to execute CSRF attacks that can lead to stored XSS, affecting users with contributor-level permissions or higher (WPScan).

The vulnerability allows attackers to manipulate student data through CSRF attacks, enabling them to add, edit, and delete student records. Additionally, due to the lack of proper sanitization and escaping, attackers can inject malicious scripts that are stored in the database and executed when viewed by other users (WPScan).

The vulnerability has been fixed in version 1.7.5 of the Student Result or Employee Database plugin. Users are advised to update to this version or later to protect against these security issues (WPScan).