Vulnerabilities > Igexsolutions
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-15 | CVE-2025-1667 | Authorization Bypass Through User-Controlled Key vulnerability in Igexsolutions Wpschoolpress. The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. | 4.3 |
2025-03-15 | CVE-2025-1668 | Missing Authorization vulnerability in Igexsolutions Wpschoolpress. The School Management System – WPSchoolPress plugin for WordPress is vulnerable to arbitrary user deletion due to a missing capability check on the wpsp_DeleteUser() function in all versions up to, and including, 2.2.16. | 5.4 |
2025-03-15 | CVE-2025-1669 | SQL Injection vulnerability in Igexsolutions Wpschoolpress. The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2025-03-15 | CVE-2025-1670 | SQL Injection vulnerability in Igexsolutions Wpschoolpress. The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 6.5 |
2023-10-16 | CVE-2023-4776 | SQL Injection vulnerability in Igexsolutions Wpschoolpress. The School Management System WordPress plugin before 2.2.5 uses the WordPress esc_sql() function on a field not delimited by quotes and does not first prepare the query, leading to a SQL injection exploitable by relatively low-privilege users like Teachers. | 8.8 |
2021-11-08 | CVE-2021-24575 | Unspecified vulnerability in Igexsolutions Wpschoolpress. The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variables in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above. | 8.8 |
2021-11-08 | CVE-2021-24664 | Unspecified vulnerability in Igexsolutions Wpschoolpress. The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitises some fields using sanitize_text_field() but does not escape them before outputting them in attributes, resulting in Stored Cross-Site Scripting issues. | 4.8 |