Vulnerabilites related to igexsolutions - wpschoolpress
Vulnerability from fkie_nvd
Published
2021-11-08 18:15
Modified
2024-11-21 05:53
Severity ?
Summary
The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "356E80B3-EA8B-4817-81AE-1C92015AD736",
"versionEndExcluding": "2.1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above."
},
{
"lang": "es",
"value": "El plugin School Management System - WPSchoolPress de WordPress versiones anteriores a 2.1.10, no sanea apropiadamente ni usa sentencias preparadas antes de usar la variable POST en las consultas SQL, conllevando a una inyecci\u00f3n SQL en m\u00faltiples acciones disponibles para varios usuarios autenticados, desde simples suscriptores/alumnos hasta profesores y superiores"
}
],
"id": "CVE-2021-24575",
"lastModified": "2024-11-21T05:53:20.160",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T18:15:08.113",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-15 04:15
Modified
2025-03-28 20:00
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EF133B89-7064-447E-850F-3C5ED8C2AEB9",
"versionEndIncluding": "2.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts."
},
{
"lang": "es",
"value": "El complemento School Management System \u2013 WPSchoolPress para WordPress, es vulnerable a la eliminaci\u00f3n arbitraria de usuarios debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n wpsp_DeleteUser() en todas las versiones hasta la 2.2.16 incluida. Esto permite que atacantes autenticados, con acceso de profesor o superior, eliminen cuentas de usuario arbitrarias."
}
],
"id": "CVE-2025-1668",
"lastModified": "2025-03-28T20:00:14.300",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-15T04:15:21.457",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks.php#L22"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd5638b6-134d-4386-af40-6ac961a915d7?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-15 04:15
Modified
2025-03-28 19:58
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EF133B89-7064-447E-850F-3C5ED8C2AEB9",
"versionEndIncluding": "2.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the \u0027cid\u0027 parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento School Management System \u2013 WPSchoolPress para WordPress, es vulnerable a la inyecci\u00f3n SQL mediante el par\u00e1metro \u0027cid\u0027 en todas las versiones hasta la 2.2.16 incluida, debido a un escape insuficiente del par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n de la consulta SQL existente. Esto permite a atacantes autenticados, con acceso de nivel personalizado o superior, a\u00f1adir consultas SQL adicionales a las consultas existentes, que pueden utilizarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"id": "CVE-2025-1670",
"lastModified": "2025-03-28T19:58:39.297",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-15T04:15:21.810",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/pages/wpsp-exams.php#L186"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f38c28f4-e73a-4eb2-8bbd-73c849385c4e?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-15 04:15
Modified
2025-03-28 12:46
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EF133B89-7064-447E-850F-3C5ED8C2AEB9",
"versionEndIncluding": "2.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators."
},
{
"lang": "es",
"value": "El complemento School Management System \u2013 WPSchoolPress para WordPress es vulnerable a la escalada de privilegios debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n wpsp_UpdateTeacher() en todas las versiones hasta la 2.2.16 incluida. Esto permite a atacantes autenticados, con acceso de profesor o superior, actualizar datos arbitrarios de usuarios, incluyendo el correo electr\u00f3nico, lo que permite solicitar el restablecimiento de contrase\u00f1a y acceder a cuentas de usuario arbitrarias, incluyendo las de administrador."
}
],
"id": "CVE-2025-1667",
"lastModified": "2025-03-28T12:46:27.840",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-15T04:15:21.273",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks-teacher.php#L544"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f98bc-c538-4f3c-b24a-6e778a3748ef?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-11-08 18:15
Modified
2024-11-21 05:53
Severity ?
Summary
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
| contact@wpscan.com | https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "8387ED5E-4E1A-4495-A457-27222F01A307",
"versionEndExcluding": "2.1.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues."
},
{
"lang": "es",
"value": "El plugin School Management System - WPSchoolPress WordPress antes de la versi\u00f3n 2.1.17 desinfecta algunos campos utilizando sanitize_text_field(), pero no los escapa antes de la salida en los atributos, lo que resulta en problemas de Cross-Site Scripting almacenado"
}
],
"id": "CVE-2021-24664",
"lastModified": "2024-11-21T05:53:31.223",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-11-08T18:15:08.853",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html"
},
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "contact@wpscan.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-03-15 04:15
Modified
2025-03-28 19:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "EF133B89-7064-447E-850F-3C5ED8C2AEB9",
"versionEndIncluding": "2.2.16",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the \u0027addNotify\u0027 action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento School Management System \u2013 WPSchoolPress para WordPress, es vulnerable a la inyecci\u00f3n SQL mediante la acci\u00f3n \"addNotify\" en todas las versiones hasta la 2.2.16 incluida, debido a un escape insuficiente del par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n de la consulta SQL existente. Esto permite a atacantes autenticados, con acceso de profesor o superior, a\u00f1adir consultas SQL adicionales a las consultas existentes, que pueden utilizarse para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"id": "CVE-2025-1669",
"lastModified": "2025-03-28T19:59:11.440",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2025-03-15T04:15:21.630",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks.php#L4304"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7413d90-aed1-4f78-a17c-bed76efb48f8?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-01-07 05:15
Modified
2025-07-14 17:49
Severity ?
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "9E8F2D15-BDA2-47CB-B679-3DC5BB47F7B8",
"versionEndIncluding": "2.2.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the \u0027cid\u0027 parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
},
{
"lang": "es",
"value": "El complemento School Management System \u2013 WPSchoolPress para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro \u0027cid\u0027 en todas las versiones hasta la 2.2.14 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de estudiante/padre y superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos."
}
],
"id": "CVE-2024-12332",
"lastModified": "2025-07-14T17:49:38.070",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "security@wordfence.com",
"type": "Primary"
}
]
},
"published": "2025-01-07T05:15:18.687",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L49"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L72"
},
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L73"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0248af2-f9f3-4652-bf6d-b46aa91b66f3?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "security@wordfence.com",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-10-26 09:15
Modified
2025-07-10 18:19
Severity ?
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "0CEFAA8E-E524-473D-859D-983FD87F235E",
"versionEndExcluding": "2.2.11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user\u0027s email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account."
},
{
"lang": "es",
"value": "El complemento School Management System \u2013 WPSchoolPress para WordPress es vulnerable a la escalada de privilegios mediante la apropiaci\u00f3n de cuentas en todas las versiones hasta la 2.2.10 incluida. Esto se debe a que el complemento no valida correctamente la identidad de un usuario antes de actualizar sus datos, como el correo electr\u00f3nico. Esto hace posible que atacantes autenticados, con acceso de nivel docente o superior, cambien las direcciones de correo electr\u00f3nico de usuarios arbitrarios, incluidos los administradores, y aprovechen eso para restablecer la contrase\u00f1a del usuario y obtener acceso a su cuenta."
}
],
"id": "CVE-2024-9637",
"lastModified": "2025-07-10T18:19:01.503",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "security@wordfence.com",
"type": "Secondary"
}
]
},
"published": "2024-10-26T09:15:04.900",
"references": [
{
"source": "security@wordfence.com",
"tags": [
"Product"
],
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.9/lib/wpsp-ajaxworks-teacher.php#L598"
},
{
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/411693fc-9df3-44b1-9a6f-58a6e8ef23b8?source=cve"
}
],
"sourceIdentifier": "security@wordfence.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-639"
}
],
"source": "security@wordfence.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2023-10-16 20:15
Modified
2025-04-23 17:16
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| contact@wpscan.com | https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| igexsolutions | wpschoolpress | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A92AF61E-9711-4ABE-BA78-32F89469072F",
"versionEndExcluding": "2.2.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers."
},
{
"lang": "es",
"value": "El complemento School Management System de WordPress anterior a 2.2.5 utiliza la funci\u00f3n WordPress esc_sql() en un campo no delimitado por comillas y no prepar\u00f3 primero la consulta, lo que lleva a una inyecci\u00f3n de SQL explotable por usuarios con privilegios relativamente bajos, como los Profesores."
}
],
"id": "CVE-2023-4776",
"lastModified": "2025-04-23T17:16:46.423",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-10-16T20:15:16.250",
"references": [
{
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df"
}
],
"sourceIdentifier": "contact@wpscan.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2023-4776 (GCVE-0-2023-4776)
Vulnerability from cvelistv5
Published
2023-10-16 19:38
Modified
2025-04-23 16:13
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df | exploit, vdb-entry, technical-description |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | School Management System |
Version: 0 < 2.2.5 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:38:00.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-4776",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-23T16:07:06.134678Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-23T16:13:48.916Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "School Management System",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.2.5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dao Xuan Hieu"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-16T19:38:59.813Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/59dd3917-01cb-479f-a557-021b2a5147df"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPSchoolPress \u003c 2.2.5 - Teacher+ SQLi",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-4776",
"datePublished": "2023-10-16T19:38:59.813Z",
"dateReserved": "2023-09-05T15:05:25.688Z",
"dateUpdated": "2025-04-23T16:13:48.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1670 (GCVE-0-2025-1670)
Vulnerability from cvelistv5
Published
2025-03-15 03:23
Modified
2025-03-17 16:58
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jdsofttech | School Management System – WPSchoolPress |
Version: * ≤ 2.2.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T16:57:53.500205Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:58:03.606Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "jdsofttech",
"versions": [
{
"lessThanOrEqual": "2.2.16",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the \u0027cid\u0027 parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-15T03:23:25.455Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f38c28f4-e73a-4eb2-8bbd-73c849385c4e?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/pages/wpsp-exams.php#L186"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-14T14:23:15.000+00:00",
"value": "Disclosed"
}
],
"title": "School Management System \u2013 WPSchoolPress \u003c= 2.2.16 - Authenticated (Parent+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1670",
"datePublished": "2025-03-15T03:23:25.455Z",
"dateReserved": "2025-02-24T21:29:24.341Z",
"dateUpdated": "2025-03-17T16:58:03.606Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12332 (GCVE-0-2024-12332)
Vulnerability from cvelistv5
Published
2025-01-07 04:22
Modified
2025-01-07 16:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jdsofttech | School Management System – WPSchoolPress |
Version: * ≤ 2.2.14 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-07T15:53:37.908435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T16:20:01.345Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "jdsofttech",
"versions": [
{
"lessThanOrEqual": "2.2.14",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Khayal Farzaliyev"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the \u0027cid\u0027 parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-07T04:22:18.694Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c0248af2-f9f3-4652-bf6d-b46aa91b66f3?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L72"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L73"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/trunk/pages/wpsp-teacher.php#L49"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-01-06T16:09:37.000+00:00",
"value": "Disclosed"
}
],
"title": "School Management System \u2013 WPSchoolPress \u003c= 2.2.14 - Authenticated (Student/Parent+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-12332",
"datePublished": "2025-01-07T04:22:18.694Z",
"dateReserved": "2024-12-06T22:07:57.308Z",
"dateUpdated": "2025-01-07T16:20:01.345Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1669 (GCVE-0-2025-1669)
Vulnerability from cvelistv5
Published
2025-03-15 03:23
Modified
2025-03-17 21:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jdsofttech | School Management System – WPSchoolPress |
Version: * ≤ 2.2.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T21:25:20.889638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T21:28:10.575Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "jdsofttech",
"versions": [
{
"lessThanOrEqual": "2.2.16",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the \u0027addNotify\u0027 action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-15T03:23:24.332Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b7413d90-aed1-4f78-a17c-bed76efb48f8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks.php#L4304"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-14T14:22:45.000+00:00",
"value": "Disclosed"
}
],
"title": "School Management System \u2013 WPSchoolPress \u003c= 2.2.16 - Authenticated (Teacher+) SQL Injection"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1669",
"datePublished": "2025-03-15T03:23:24.332Z",
"dateReserved": "2025-02-24T21:28:02.924Z",
"dateUpdated": "2025-03-17T21:28:10.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24664 (GCVE-0-2021-24664)
Vulnerability from cvelistv5
Published
2021-11-08 17:34
Modified
2024-08-03 19:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-79 - Cross-site Scripting (XSS)
Summary
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | School Management System – WPSchoolPress |
Version: 2.1.17 < 2.1.17 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:42:15.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.17",
"status": "affected",
"version": "2.1.17",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Davide Taraschi"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross-site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-15T19:06:24",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPSchoolPress \u003c 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24664",
"STATE": "PUBLIC",
"TITLE": "WPSchoolPress \u003c 2.1.17 - Multiple Admin+ Stored Cross-Site Scripting"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "School Management System \u2013 WPSchoolPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1.17",
"version_value": "2.1.17"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Davide Taraschi"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The School Management System \u2013 WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Cross-site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/3f8e170c-6579-4b1a-a1ac-7d93da17b669"
},
{
"name": "http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/164974/WordPress-WPSchoolPress-2.1.16-Cross-Site-Scripting.html"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24664",
"datePublished": "2021-11-08T17:34:58",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:42:15.967Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1667 (GCVE-0-2025-1667)
Vulnerability from cvelistv5
Published
2025-03-15 03:23
Modified
2025-03-17 21:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jdsofttech | School Management System – WPSchoolPress |
Version: * ≤ 2.2.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1667",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T21:25:58.945073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T21:27:58.697Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "jdsofttech",
"versions": [
{
"lessThanOrEqual": "2.2.16",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-15T03:23:25.085Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f98bc-c538-4f3c-b24a-6e778a3748ef?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks-teacher.php#L544"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-14T14:22:59.000+00:00",
"value": "Disclosed"
}
],
"title": "School Management System \u2013 WPSchoolPress \u003c= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1667",
"datePublished": "2025-03-15T03:23:25.085Z",
"dateReserved": "2025-02-24T21:21:35.824Z",
"dateUpdated": "2025-03-17T21:27:58.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1668 (GCVE-0-2025-1668)
Vulnerability from cvelistv5
Published
2025-03-15 03:23
Modified
2025-03-17 16:57
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-862 - Missing Authorization
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jdsofttech | School Management System – WPSchoolPress |
Version: * ≤ 2.2.16 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1668",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-17T16:56:55.905404Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-17T16:57:07.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "jdsofttech",
"versions": [
{
"lessThanOrEqual": "2.2.16",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to delete arbitrary user accounts."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-15T03:23:25.806Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd5638b6-134d-4386-af40-6ac961a915d7?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks.php#L22"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-14T14:23:26.000+00:00",
"value": "Disclosed"
}
],
"title": "School Management System \u2013 WPSchoolPress \u003c= 2.2.16 - Missing Authorization to Arbitrary User Deletion"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-1668",
"datePublished": "2025-03-15T03:23:25.806Z",
"dateReserved": "2025-02-24T21:24:40.224Z",
"dateUpdated": "2025-03-17T16:57:07.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9637 (GCVE-0-2024-9637)
Vulnerability from cvelistv5
Published
2024-10-26 08:36
Modified
2024-10-28 19:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-639 - Authorization Bypass Through User-Controlled Key
Summary
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| jdsofttech | School Management System – WPSchoolPress |
Version: * ≤ 2.2.10 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:jdsofttech:school_management_system:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "school_management_system",
"vendor": "jdsofttech",
"versions": [
{
"lessThanOrEqual": "2.2.10",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-28T19:21:04.039225Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-28T19:23:08.421Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "jdsofttech",
"versions": [
{
"lessThanOrEqual": "2.2.10",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "wesley"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user\u0027s identity prior to updating their details like email. This makes it possible for authenticated attackers, with teacher-level access and above, to change arbitrary user\u0027s email addresses, including administrators, and leverage that to reset the user\u0027s password and gain access to their account."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "CWE-639 Authorization Bypass Through User-Controlled Key",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-26T08:36:00.481Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/411693fc-9df3-44b1-9a6f-58a6e8ef23b8?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.9/lib/wpsp-ajaxworks-teacher.php#L598"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-10-25T20:05:13.000+00:00",
"value": "Disclosed"
}
],
"title": "School Management System \u2013 WPSchoolPress \u003c= 2.2.10 - Insecure Direct Object Reference to Authenticated (Teacher+) Account Takeover/Privilege Escalation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-9637",
"datePublished": "2024-10-26T08:36:00.481Z",
"dateReserved": "2024-10-08T16:50:22.333Z",
"dateUpdated": "2024-10-28T19:23:08.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-24575 (GCVE-0-2021-24575)
Vulnerability from cvelistv5
Published
2021-11-08 17:34
Modified
2024-08-03 19:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-89 - SQL Injection
Summary
The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Unknown | School Management System – WPSchoolPress |
Version: 2.1.10 < 2.1.10 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:35:20.174Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "School Management System \u2013 WPSchoolPress",
"vendor": "Unknown",
"versions": [
{
"lessThan": "2.1.10",
"status": "affected",
"version": "2.1.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "JrXnm"
}
],
"descriptions": [
{
"lang": "en",
"value": "The School Management System \u2013 WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-08T17:34:44",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "WPSchoolPress \u003c 2.1.10 - Multiple Authenticated SQL Injections",
"x_generator": "WPScan CVE Generator",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "contact@wpscan.com",
"ID": "CVE-2021-24575",
"STATE": "PUBLIC",
"TITLE": "WPSchoolPress \u003c 2.1.10 - Multiple Authenticated SQL Injections"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "School Management System \u2013 WPSchoolPress",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.1.10",
"version_value": "2.1.10"
}
]
}
}
]
},
"vendor_name": "Unknown"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "JrXnm"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The School Management System \u2013 WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above."
}
]
},
"generator": "WPScan CVE Generator",
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-89 SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a",
"refsource": "MISC",
"url": "https://wpscan.com/vulnerability/83c9c3af-9eca-45e0-90d7-edc69e616e6a"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2021-24575",
"datePublished": "2021-11-08T17:34:44",
"dateReserved": "2021-01-14T00:00:00",
"dateUpdated": "2024-08-03T19:35:20.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}