CVE-2025-25616

CVE-2025-25616 : Unifiedtransform 2.0 is vulnerable to Incorrect Access Control that allows students to modify exam rules through the endpoint /exams/edit-rule?exam_rule_id=1 . Root cause: improper access control. Documented impact includes high confidentiality and integrity impact with an overal...

PT-2024-26255 · Unknown · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0 Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the name parameter in the "/model/update exam.php" API endpoint. Recommendations: Fo...

The vulnerability of the LearnDash plugin’s interface in the WordPress content management system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the LearnDash plugin’s interface in the WordPress content management system is related to insufficient protection of operational data during the processing of the sfwd-question and ld-exam endpoints. Exploiting this vulnerability can allow an attacker, operating remotely, to...

PT-2023-8521 · WordPress · Learndash Lms

Name of the Vulnerable Software and Affected Versions: LearnDash LMS plugin for WordPress versions up to, and including, 4.10.1 Description: The issue is related to Sensitive Information Exposure, which can be exploited via API, allowing unauthenticated attackers to obtain access to quizzes. The...

CVE-2022-32373

itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getexam.php?id=...