Description
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation.

This issue affects School Management: from n/a through 93.2.0.
Published: 2026-06-03
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

This vulnerability is an incorrect privilege assignment issue within the Mojoomla School Management plugin for WordPress. It allows a user with lower level permissions to elevate their access rights to those of a higher‑privilege role, potentially giving them administrative control over the plugin and related CMS data. The impact is an attacker able to modify, delete, or create content, alter settings, or compromise the overall integrity of the site.

Affected Systems

The affected product is the Mojoomla School Management WordPress plugin, versions up to and including 93.2.0. Any installation using these or earlier releases is vulnerable and must be updated to a newer non‑vulnerable version.

Risk and Exploitability

With a CVSS score of 8.8, this issue is classified as high severity. The EPSS score is not available, but the lack of KEV listing does not diminish the risk. The vulnerability is likely exploitable by a remote attacker with normal user access who can send crafted requests to the plugin’s endpoints to manipulate internal role assignments. Once compromised, the attacker can gain full administrative capabilities within the WordPress site.

Generated by OpenCVE AI on June 3, 2026 at 12:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the School Management plugin to the latest version, which removes the privilege assignment flaw.
  • If an immediate update is not possible, disable or uninstall the plugin to prevent exploitation.
  • After updating, review all user roles and permissions in WordPress to ensure no unintended roles were granted during the attack window.

Generated by OpenCVE AI on June 3, 2026 at 12:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 16:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 03 Jun 2026 12:45:00 +0000

Type Values Removed Values Added
First Time appeared Mojoomla
Mojoomla school Management
Wordpress
Wordpress wordpress
Vendors & Products Mojoomla
Mojoomla school Management
Wordpress
Wordpress wordpress

Wed, 03 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Description Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.
Title WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability
Weaknesses CWE-266
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Mojoomla School Management
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-03T14:14:02.597Z

Reserved: 2026-06-03T09:03:19.449Z

Link: CVE-2025-15656

cve-icon Vulnrichment

Updated: 2026-06-03T14:13:57.503Z

cve-icon NVD

Status : Received

Published: 2026-06-03T11:16:19.390

Modified: 2026-06-03T11:16:19.390

Link: CVE-2025-15656

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-03T12:30:26Z

Weaknesses