VYPR

School Management

by WordPress

CVEs (13)

  • CVE-2025-31100CriAug 31, 2025
    risk 0.64cvss 9.9epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Mojoomla School Management allows Upload a Web Shell to a Web Server.This issue affects School Management: from n/a through 1.93.1 (02-07-2025).

  • CVE-2025-47573CriJun 17, 2025
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows Blind SQL Injection. This issue affects School Management: from n/a through 92.0.0.

  • CVE-2017-14843HigSep 28, 2017
    risk 0.60cvss 8.8epss 0.03

    Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.

  • CVE-2025-15656HigJun 3, 2026
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.

  • CVE-2025-47575HigMay 23, 2025
    risk 0.55cvss 8.5epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.

  • CVE-2025-15655HigJun 3, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0.

  • CVE-2025-47572HigJun 17, 2025
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in mojoomla School Management allows PHP Local File Inclusion. This issue affects School Management: from n/a through 93.0.0.

  • CVE-2025-47574HigJun 27, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.

  • CVE-2025-47613HigMay 23, 2025
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.

  • CVE-2025-48108MedAug 26, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0.

  • CVE-2022-1609Jan 16, 2024
    risk 0.07cvss epss 0.64

    The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in it's license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site.

  • CVE-2025-15657Jun 17, 2026
    risk 0.00cvss epss 0.00

    Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.

  • CVE-2023-4776Oct 16, 2023
    risk 0.00cvss epss 0.01

    The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and did not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers.