PT-2025-29986 · WordPress · School Management System For Wordpress
Thái An · Published 2025-07-18 · Updated 2025-07-22 · CVE-2025-3740
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
School Management System for Wordpress plugin for WordPress versions prior to 93.1.0
Description
The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion via the page parameter. This allows authenticated attackers with Subscriber-level access and above to include and execute arbitrary files on the server, potentially enabling the execution of PHP code. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. Privilege escalation is possible in Multisite environments by updating Super Administrator passwords.
Recommendations
Update to version 93.1.0 or later.
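To check web server access logs for requests whose page parameter carried something other than a plain page name, as in the inclusion described above, the following is an added example, not code from the plugin or from this advisory. It assumes Combined Log Format and that legitimate page values are simple slugs matching [A-Za-z0-9_-]+; the sample log lines, addresses and the /wp-admin/admin.php path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Assumption: legitimate `page` values are plain slugs. Tune this for your site.
SAFE_PAGE = re.compile(r"[A-Za-z0-9_-]+")
# Combined Log Format: ip ident user [time] "METHOD target PROTO" ...
REQUEST = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"'
)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_page_values(target):
    """Return decoded `page` values in a request target that are not plain slugs."""
    hits = []
    for name, raw in parse_qsl(urlsplit(target).query):
        if name != "page":
            continue
        value = fully_decode(raw)
        if not SAFE_PAGE.fullmatch(value):
            hits.append(value)
    return hits

def scan(lines):
    """Yield (client ip, logged user, decoded page value) for each flagged request."""
    findings = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        for value in suspicious_page_values(m["target"]):
            findings.append((m["ip"], m["user"], value))
    return findings

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Jul/2025:10:00:01 +0000] "GET /wp-admin/admin.php?page=dashboard HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/Jul/2025:10:02:13 +0000] "GET /wp-admin/admin.php?page=..%2F..%2Fexample%2Ffile HTTP/1.1" 200 812',
    '198.51.100.7 - - [18/Jul/2025:10:02:40 +0000] "GET /wp-admin/admin.php?page=%252e%252e%252fexample HTTP/1.1" 200 640',
    '192.0.2.10 - - [18/Jul/2025:10:03:00 +0000] "GET /index.php?s=page HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, user, value in scan(SAMPLE_LOG):
        print(f"{ip} user={user} page={value!r}")
```

A hit is a lead for review, not proof of compromise; correlate flagged requests with the authenticated session and with file or account changes made around the same time.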
Fix
LPE
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
School Management System For Wordpress