CVE-2025-1668

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpspDeleteUser function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...

WordPress plugin WPSchoolPress SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin...

WordPress School Management System – WPSchoolPress plugin <= 2.2.16 - Authenticated (Parent+) SQL Injection vulnerability

Authenticated Parent+ SQL Injection vulnerability discovered by wesley wcraft in WordPress Plugin WPSchoolPress versions = 2.2.16...

PT-2024-28013 · Xenforo · Xenforo

Name of the Vulnerable Software and Affected Versions: Xenforo versions prior to 2.2.16 Description: The issue allows for CSRF, which is a type of attack that tricks a user into performing unintended actions on a web application. Recommendations: For versions prior to 2.2.16, update to version...