103 matches found
CVE-2026-39631
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through = 2.2.35...
EUVD-2026-20282
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through = 2.2.35...
CVE-2026-39631
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through = 2.2.35...
CVE-2026-39631
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through = 2.2.35...
CVE-2026-39631
CVE-2026-39631 describes a missing authorization flaw in the WordPress plugin WPSchoolPress by Ronik/UnlimitedWP, affecting versions up to 2.2.35. The vulnerability arises from Incorrectly Configured Access Control Security Levels, enabling unauthorized actions under a network attack vector with ...
CVE-2026-39631 WordPress WPSchoolPress plugin <= 2.2.35 - Broken Access Control vulnerability
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through = 2.2.35...
PT-2026-31196
Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through = 2.2.35...
WordPress plugin WPSchoolPress 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2025-1668
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpspDeleteUser function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...
CVE-2025-1667
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpspUpdateTeacher function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access a...
CVE-2025-11981
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-11981
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-11981 School Management System – WPSchoolPress <= 2.2.23 - Authenticated (Administrator+) SQL Injection
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
EUVD-2025-197606
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-11981 School Management System – WPSchoolPress <= 2.2.23 - Authenticated (Administrator+) SQL Injection
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'SCodes' parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...
CVE-2025-11981
CVE-2025-11981 affects the WordPress plugin School Management System – WPSchoolPress up to version 2.2.23 . The vulnerability is an SQL Injection via the SCodes parameter caused by insufficient escaping and inadequate query preparation. The impact described in the sources is that an attacker with...
WordPress plugin School Management System – WPSchoolPress SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin Schoo...
PT-2025-46950
Name of the Vulnerable Software and Affected Versions WPSchoolPress versions through 2.2.23 Description The School Management System – WPSchoolPress plugin for WordPress is susceptible to SQL Injection through the SCodes parameter. Insufficient input sanitization and inadequate SQL query...
WordPress School Management System – WPSchoolPress plugin <= 2.2.23 - Authenticated (Administrator+) SQL Injection vulnerability
Authenticated Administrator+ SQL Injection vulnerability discovered by dutafi in WordPress Plugin WPSchoolPress versions = 2.2.23...
EUVD-2021-11576
Malware in sbrugna...