CVE-2025-47575
Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in mojoomla School Management plugin (≤92.0.0) allows unauthenticated attackers to extract or manipulate the WordPress database.
Vulnerability
Overview CVE-2025-47575 is an SQL injection vulnerability in the mojoomla School Management plugin for WordPress, affecting versions from n/a through 92.0.0. The plugin fails to neutralize special elements in SQL commands, allowing an attacker to inject arbitrary SQL queries into the database [1].
Exploitation
No authentication is required, and the attack can be carried out remotely. This vulnerability is considered highly dangerous and is expected to be used in mass-exploit campaigns targeting thousands of WordPress sites regardless of size or popularity [1].
Impact
Successful exploitation could allow a malicious actor to directly interact with the database, including stealing sensitive information or modifying data [1].
Mitigation
Users must immediately update the School Management plugin to a patched version if available. If an update is not possible, site owners should contact their hosting provider or web developer for assistance [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=92.0.0
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.