VYPR

Wpschoolpress

by Igexsolutions

CVEs (8)

  • CVE-2025-1667HigMar 15, 2025
    risk 0.57cvss 8.8epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with…

  • CVE-2024-9637HigOct 26, 2024
    risk 0.50cvss 8.8epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to updating their details like…

  • CVE-2025-1670MedMar 15, 2025
    risk 0.42cvss 6.5epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…

  • CVE-2025-1669MedMar 15, 2025
    risk 0.42cvss 6.5epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the…

  • CVE-2023-37887MedDec 13, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through 2.2.7.

  • CVE-2024-12332MedJan 7, 2025
    risk 0.35cvss 6.5epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing…

  • CVE-2026-39631MedApr 8, 2026
    risk 0.32cvss 4.9epss 0.00

    Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.

  • CVE-2025-1668MedMar 15, 2025
    risk 0.28cvss 4.3epss 0.00

    The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with…