CVE-2025-1667
- EPSS 0.14%
- Published 15.03.2025 03:23:25
- Last modified 28.03.2025 12:46:27
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for au...
CVE-2025-1668
- EPSS 0.1%
- Published 15.03.2025 03:23:25
- Last modified 28.03.2025 20:00:14
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. This makes it possible for au...
CVE-2025-1670
- EPSS 0.1%
- Published 15.03.2025 03:23:25
- Last modified 28.03.2025 19:58:39
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient p...
CVE-2025-1669
- EPSS 0.1%
- Published 15.03.2025 03:23:24
- Last modified 28.03.2025 19:59:11
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficien...
CVE-2024-12332
- EPSS 0.43%
- Published 07.01.2025 05:15:18
- Last modified 14.07.2025 17:49:38
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient p...
CVE-2024-9637
- EPSS 0.22%
- Published 26.10.2024 09:15:04
- Last modified 10.07.2025 18:19:01
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10. This is due to the plugin not properly validating a user's identity prior to up...
CVE-2023-4776
- EPSS 0.23%
- Published 16.10.2023 20:15:16
- Last modified 23.04.2025 17:16:46
The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and does not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Tea...
CVE-2021-24575
- EPSS 0.7%
- Published 08.11.2021 18:15:08
- Last modified 21.11.2024 05:53:20
The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticat...
CVE-2021-24664
- EPSS 1.37%
- Published 08.11.2021 18:15:08
- Last modified 21.11.2024 05:53:31
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitises some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting issues.