CVE-2025-15656

CVE-2025-15656 is an Incorrect Privilege Assignment vulnerability affecting the WordPress School Management plugin (the CVE entry and related records list affected scope as WordPress School Management up to version 93.2.0). The underlying issue is privilege escalation via improper privilege assig...

WordPress School Management plugin <= 91.5.0 - Authenticated (Student+) Arbitrary File Upload vulnerability

Authenticated Student+ Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin School Management versions = 91.5.0...

WordPress Mojoomla School Management plugin file upload vulnerability

WordPress Mojoomla School Management plugin is a WordPress plugin mainly used for school management system, support class management, student attendance, grade management, fee collection and other functions. WordPress Mojoomla School Management plugin has a file upload vulnerability, which stems...

CVE-2025-31100 WordPress School Management Plugin <= 1.93.1 (02-07-2025) - Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 02-07-2025...

CVE-2025-48108 WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0...

WordPress School Management System for Wordpress plugin <= 93.2.0 - Unauthenticated SQL Injection vulnerability

Unauthenticated SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin School Management versions = 93.2.0...

WordPress School Management Plugin <= 93.2.0 - SQL Injection Vulnerability

SQL Injection Vulnerability discovered by Cút lộn xào me in WordPress Plugin School Management versions = 93.2.0...

CVE-2025-47574 WordPress School Management System Plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0...

WordPress School Management Plugin <= 93.2.0 - Privilege Escalation Vulnerability

Privilege Escalation Vulnerability discovered by Cút lộn xào me in WordPress Plugin School Management versions = 93.2.0...

WordPress plugin School Management 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin School Management SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerabili...

WordPress School Management System for Wordpress plugin <= 93.0.0 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin School Management versions = 93.0.0...

WordPress School Management System for Wordpress plugin <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation vulnerability

Authenticated Student+ Account Takeover and Privilege Escalation vulnerability discovered by Tonn in WordPress Plugin School Management versions = 93.0.0...

WordPress School Management plugin <= 91.5.0 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by Tonn in WordPress Plugin School Management versions = 91.5.0...

CVE-2022-1609

The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site...

CVE-2022-47430 WordPress The School Management – Education & Learning Management Plugin <= 4.1 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Weblizar The School Management – Education & Learning Management allows SQL Injection.This issue affects The School Management – Education & Learning Management: from n/a through 4.1...

WordPress Plugin The School Management – Education & Learning Management SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. WordPress Plugin The School Management - Education &...