Critical 9.9 Unfixed
2025-08-31≤ 1.93.1 (02-07-2025)
WordPress School Management Plugin <= 1.93.1 (02-07-2025) - Arbitrary File Upload Vulnerability
School Management
Vulnerabilities 23Slug school-management
Minimum safe version
93.0.0
Update to 93.0.0 or later to address 8 fixable vulnerabilities
⚠ 15 vulnerabilities have no fix
Medium 6.5 Unfixed
2025-08-26≤ 93.2.0
WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability
N/A Unfixed
2025-08-15≤ 93.2.0
School Management <= 93.2.0 - Missing Authorization
N/A Unfixed
2025-08-15≤ 93.1.0
School Management <= 93.1.0 - Unauthenticated Insecure Direct Object Reference
N/A Unfixed
2025-08-15≤ 93.2.0
School Management <= 93.2.0 - Authenticated (Support staff+) SQL Injection
High 8.8 Unfixed
2025-08-16≤ 93.2.0
School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload
High 7.5 Unfixed
2025-08-16≤ 93.2.0
School Management System for Wordpress <= 93.2.0 - Unauthenticated SQL Injection
High 8.8
2025-07-18< 1.93.1 (02-07-2025)
School Management System for Wordpress <= 93.1.0 - Authenticated (Subscriber+) Local File Inclusion to Privilege Escalation via Password Update
High 7.1 Unfixed
2025-06-27≤ 92.0.0
WordPress School Management System Plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
High 7.5 Unfixed
2025-06-17≤ 93.0.0
WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability
Critical 9.3 Unfixed
2025-06-17≤ 92.0.0
WordPress School Management System Plugin <= 92.0.0 - SQL Injection vulnerability
High 8.5 Unfixed
2025-05-23≤ 92.0.0
WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability
High 7.1 Unfixed
2025-05-23≤ 92.0.0
WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
High 8.8 Unfixed
2025-03-07≤ 93.0.0
School Management System for Wordpress <= 93.0.0 - Authenticated (Student+) Account Takeover and Privilege Escalation
Medium 5.3 Unfixed
2025-03-07≤ 93.0.0
School Management System for Wordpress <= 93.0.0 - Reflected Cross-Site Scripting
Medium 6.5
2025-03-07< 93.0.0
CVE-2024-12607
Medium 5.3 Unfixed
2025-03-07≤ 93.0.0
School Management System for Wordpress <= 93.0.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
Medium 6.5
2025-03-07< 93.0.0
CVE-2024-12609
High 8.8
2024-11-23< 92.0.0
CVE-2024-9660
Critical 9.8
2024-11-23< 92.0.0
CVE-2024-9659
N/A
< 57.0
School Management < 57.0 - CSRF and Stored XSS
N/A
2019-07-13< 57.0
School Management System for Wordpress <= 56.0 - Cross-Site Request Forgery
N/A
2019-07-13< 57.0
WordPress School Management plugin < 57.0 - Cross-Site Request Forgery (CSRF) and Stored Cross-Site Scripting (XSS) vulnerabilities