CVE-2025-11981

Name of the Vulnerable Software and Affected Versions WPSchoolPress versions through 2.2.23

Description The School Management System – WPSchoolPress plugin for WordPress is susceptible to SQL Injection through the SCodes parameter. Insufficient input sanitization and inadequate SQL query preparation allow authenticated attackers with administrator-level access or higher to inject additional SQL queries. This can lead to the extraction of sensitive information from the database.

Recommendations Update WPSchoolPress to a version later than 2.2.23.