
24 matches found

Nuclei
added 14 hours ago · 18 views

Code-Projects School Fees Payment System 1.0 - SQL Injection

A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVSS 9.8 · AI score 6.8 · EPSS 0.01527
Exploits: 1 · References: 5
Cvelist
added 2026/03/26 1:25 a.m. · 25 views

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

CVSS 8.8 · EPSS 0.0002
Exploits: 1 · References: 3
RedhatCVE
added 2025/12/06 6:44 p.m. · 2 views

CVE-2025-66581

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.41.0, a flaw in the server-side authorization logic allowed authenticated users to perform actions beyond their assigned roles across multiple features. Because the affected endpoints...

CVSS 6.5 · AI score 6.6 · EPSS 0.0005
Exploits: 0 · References: 1
Cvelist
added 2025/11/26 12:0 a.m. · 5 views

CVE-2025-65669

An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction...

EPSS 0.00221
Exploits: 1 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-6827

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 4.7 · EPSS 0.00334
Exploits: 0 · References: 3
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25059

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 6.5 · EPSS 0.00506
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 1 view

EUVD-2022-5457

Malicious code in bioql PyPI...

CVSS 6.5 · AI score 6.8 · EPSS 0.00176
Exploits: 0 · References: 4
NVD
added 2025/08/16 4:15 a.m. · 2 views

CVE-2025-6079

The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and abov...

CVSS 8.8 · EPSS 0.00506
Exploits: 0 · References: 2
CVE
added 2025/08/16 3:38 a.m. · 18 views

CVE-2025-6079

CVE-2025-6079 affects the School Management System for WordPress plugin (WordPress). It enables authenticated attackers with Student-level access or higher to upload arbitrary files due to missing file type validation in homework.php, across all versions up to 93.2.0. The vulnerability could pote...

CVSS 8.8 · AI score 6.6 · EPSS 0.00506
Exploits: 0 · References: 2
Positive Technologies
added 2025/08/16 12:0 a.m. · 3 views

PT-2025-33522 · WordPress · School Management System For Wordpress

Name of the Vulnerable Software and Affected Versions: School Management System for WordPress plugin versions prior to 93.2.0 Description: The School Management System for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file. This...

CVSS 8.8 · AI score 7.1 · EPSS 0.00506
Exploits: 0 · References: 9
OSV
added 2025/03/07 9:15 a.m. · 2 views

CVE-2024-12609

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in th...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 2
Cvelist
added 2025/03/07 8:21 a.m. · 7 views

CVE-2024-12609 School Management System for Wordpress <= 92.0.0 - Authenticated (Student+) SQL Injection via 'view-attendance'

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via the 'view-attendance' page in all versions up to, and including, 92.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query in th...

CVSS 6.5 · EPSS 0.00128
Exploits: 0 · References: 2
OSV
added 2025/01/07 5:15 a.m. · 1 view

CVE-2024-12332

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This make...

CVSS 6.5 · AI score 5.9
Exploits: 0 · References: 4
CVE
added 2024/12/09 8:50 a.m. · 51 views

CVE-2024-12306

CVE-2024-12306 concerns multiple access control vulnerabilities in Unifiedtransform, affecting version 2.0 and earlier. The issues include function-level access controls in list endpoints and object-level access controls in profile endpoints, enabling a malicious student to view personal informat...

CVSS 4.3 · AI score 5 · EPSS 0.00169
Exploits: 0 · References: 1
Positive Technologies
added 2024/11/23 12:0 a.m. · 2 views

PT-2024-39747 · WordPress · School Management System

Name of the Vulnerable Software and Affected Versions: The School Management System for Wordpress plugin for WordPress versions up to, and including, 91.5.0 Description: The issue is related to arbitrary file uploads due to missing file type validation in the mj smgt load documets new and mj smgt...

CVSS 8.8 · AI score 9.8 · EPSS 0.06051
Exploits: 0 · References: 6
OSV
added 2024/10/29 6:15 a.m. · 0 views

CVE-2024-10008

The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to unauthorized user profile modification due to missing authorization checks on the /wp-json/masteriyo/v1/users/$id REST API endpoint in all versions up to, and including, 1.13.3. This makes ...

CVSS 6.5 · AI score 5.9
Exploits: 0 · References: 2
OSV
added 2024/03/06 11:6 a.m. · 12 views

BIT-MOODLE-2021-40695

It was possible for a student to view their quiz grade before it had been released, using a quiz web service...

CVSS 4.3 · AI score 4.6 · EPSS 0.00334
Exploits: 0 · References: 2
WPVulnDB
added 2024/02/21 12:0 a.m. · 15 views

Tutor LMS < 2.6.1 - Student+ HTML Injection via Q&A

Description: The plugin is vulnerable to HTML Injection due to insufficient sanitization of HTML input in the Q&A functionality, allowing authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting...

CVSS 5.4 · AI score 6.5 · EPSS 0.00185
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/02/20 6:56 p.m. · 18 views

CVE-2024-1128 Tutor LMS <= 2.6.0 - Authenticated (Student+) HTML Injection via Q&A

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student...

CVSS 5.4 · AI score 5.5 · EPSS 0.00185
Exploits: 0 · References: 2
OSV
added 2024/02/12 11:15 a.m. · 0 views

UBUNTU-CVE-2024-1439

Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent...

CVSS 6.5 · AI score 6.7 · EPSS 0.00068
Exploits: 0 · References: 3