CVE-2025-15656 WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...

WordPress School Management System plugin <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload vulnerability

Authenticated Student+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin School Management versions = 93.2.0...

CVE-2025-31100

CVE-2025-31100 relates to an unrestricted file upload vulnerability in the WordPress/“Mojoomla” School Management plugin. The issue allows uploading a Web Shell to the web server and affects versions n/a through 1.93.1 (02-07-2025). The root cause is an unrestricted upload of dangerous file types...

CVE-2025-48108 WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0...

WordPress School Management Pro premium plugin < 9.9.7 - Unauthenticated Remote Code Execution (RCE) via REST API

Unauthenticated Remote Code Execution RCE via REST API discovered by Jetpack Scan Team and WordPress elevated support team in WordPress School Management Pro premium plugin versions 9.9.7. Solution Update the WordPress School Management Pro premium plugin to the latest available version at least...

WordPress School Management plugin < 57.0 - Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities

Cross-Site Request Forgery CSRF and Stored Cross-Site Scripting XSS vulnerabilities found by m0ns7er in WordPress School Management plugin versions 57.0. Solution Update the WordPress School Management plugin to the latest available version at least 57.0...