Multiple vulnerabilities in WPSchoolPress plugin for WordPress
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 4 |
| CVE-ID | CVE-2025-1670 CVE-2025-1668 CVE-2025-1667 CVE-2025-1669 |
| CWE-ID | CWE-89 CWE-862 CWE-639 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
WPSchoolPress Web applications / Modules and components for CMS |
| Vendor | WpSchoolPress Team |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
1) SQL injection
EUVDB-ID: #VU105829
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-1670
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "cid" parameter. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWPSchoolPress: 2.2.1 - 2.2.16
CPE2.3- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.3:*:*:*:*:wordpress:*:*
https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/pages/wpsp-exams.php#L186
https://www.wordfence.com/threat-intel/vulnerabilities/id/f38c28f4-e73a-4eb2-8bbd-73c849385c4e?source=cve
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Missing Authorization
EUVDB-ID: #VU105838
Risk: Medium
CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-1668
CWE-ID:
CWE-862 - Missing Authorization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authorization checks.
The vulnerability exists due to a missing capability check on the wpsp_DeleteUser() function. A remote user can delete arbitrary user accounts.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWPSchoolPress: 2.2.1 - 2.2.16
CPE2.3- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.3:*:*:*:*:wordpress:*:*
https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks.php#L22
https://www.wordfence.com/threat-intel/vulnerabilities/id/fd5638b6-134d-4386-af40-6ac961a915d7?source=cve
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Authorization bypass through user-controlled key
EUVDB-ID: #VU105832
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-1667
CWE-ID:
CWE-639 - Authorization Bypass Through User-Controlled Key
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to a missing capability check on the wpsp_UpdateTeacher() function. A remote user can update arbitrary user details including email and gain elevated privileges on the system.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWPSchoolPress: 2.2.1 - 2.2.16
CPE2.3- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.3:*:*:*:*:wordpress:*:*
https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks-teacher.php#L544
https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f98bc-c538-4f3c-b24a-6e778a3748ef?source=cve
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) SQL injection
EUVDB-ID: #VU105830
Risk: Medium
CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2025-1669
CWE-ID:
CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary SQL queries in database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the "addNotify" action. A remote user can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, modify data in database and gain complete control over the affected application.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsWPSchoolPress: 2.2.1 - 2.2.16
CPE2.3- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.1:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.2:*:*:*:*:wordpress:*:*
- cpe:2.3:a:jdsofttech:wpschoolpress:2.2.3:*:*:*:*:wordpress:*:*
https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks.php#L4304
https://www.wordfence.com/threat-intel/vulnerabilities/id/b7413d90-aed1-4f78-a17c-bed76efb48f8?source=cve
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
