VYPR

Hel Online Classroom

by WordPress

Source repositories

CVEs (12)

  • CVE-2026-8097MedMay 7, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /askquery.php. The manipulation of the argument squeryx results in sql injection. The attack may be performed from remote. The exploit has been released to…

  • CVE-2026-7744MedMay 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in CodeAstro Online Classroom 1.0. This affects an unknown function of the file /OnlineClassroom/addnewstudent. The manipulation of the argument fname results in sql injection. The attack may be performed from remote. The exploit has been made public…

  • CVE-2026-7743MedMay 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The…

  • CVE-2026-7742MedMay 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been…

  • CVE-2026-7741MedMay 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in CodeAstro Online Classroom 1.0. Impacted is an unknown function of the file /OnlineClassroom/studentlogin. Performing a manipulation of the argument sid results in sql injection. Remote exploitation of the attack is possible. The exploit is now…

  • CVE-2026-7196MedApr 28, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /guestdetails. Such manipulation of the argument deleteid leads to sql injection. The attack may be performed from remote. The exploit has been disclosed…

  • CVE-2026-7148MedApr 27, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

  • CVE-2026-6033MedApr 10, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in CodeAstro Online Classroom 1.0. Affected is an unknown function of the file /updatedetailsfromstudent.php?eno=146891650. Executing a manipulation of the argument fname can lead to sql injection. The attack may be performed from remote. The…

  • CVE-2026-6010MedApr 10, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in CodeAstro Online Classroom 1.0/2.php. Affected by this vulnerability is an unknown functionality of the file /OnlineClassroom/takeassessment2.php?exid=14. Performing a manipulation of the argument Q1 results in sql injection. Remote…

  • CVE-2026-5579MedApr 5, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in CodeAstro Online Classroom 1.0. This issue affects some unknown processing of the file /OnlineClassroom/updatedetailsfromfaculty.php?myfid=108 of the component Parameter Handler. Executing a manipulation of the argument fname can lead to sql…

  • CVE-2026-5578MedApr 5, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in CodeAstro Online Classroom 1.0. This vulnerability affects unknown code of the file /OnlineClassroom/addassessment.php of the component Parameter Handler. Performing a manipulation of the argument deleteid results in sql injection. The attack is…

  • CVE-2026-6708MedMay 12, 2026
    risk 0.34cvss 5.3epss 0.00

    The HEL Online Classroom: AI-powered Online Classrooms plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.0.3. This is due to a missing capability check on a REST API endpoint registered with a permission_callback of…