CVSS Score
8.8
CWE
CWE-434: Unrestricted Upload of File with Dangerous Type
Published
Aug 15, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2025-31100 is potentially a duplicate of this.
CVSS Score
6.5
CWE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Published
Aug 15, 2025
The School Management plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with support staff-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Score
5.3
CWE
CWE-639: Authorization Bypass Through User-Controlled Key
Published
Aug 15, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 93.1.0 due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to perform an unauthorized action.
CVSS Score
4.3
CWE
CWE-862: Missing Authorization
Published
Aug 15, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Custom-level access and above, to perform an unauthorized action.
CVSS Score
8.8
CWE
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Published
Jul 17, 2025
The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 93.1.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The Local File Inclusion exploit can be chained to include various dashboard view files in the plugin. One such chain can be leveraged to update the password of Super Administrator accounts in Multisite environments making privilege escalation possible. The vendor has updated the version numbers beginning with `1.93.1 (02-07-2025)` for the patched version. This version comes after version 93.1.0.
CVSS Score
6.1
CWE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Published
Jun 18, 2025
The School Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 92.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVSS Score
8.8
CWE
CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
Published
Jun 12, 2025
The School Management plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 93.0.0. This makes it possible for authenticated attackers, with student-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
CVSS Score
7.5
CWE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Published
Jun 11, 2025
The School Management plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Score
6.5
CWE
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Published
May 20, 2025
The School Management plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVSS Score
6.1
CWE
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Published
May 20, 2025
The School Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 92.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.