Description
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.
Published: 2025-03-15
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation via missing authorization check
Action: Immediate Patch
AI Analysis

Impact

The WPSchoolPress plugin for WordPress has a flaw in the wpsp_UpdateTeacher() function that omits a capability check. This vulnerability allows authenticated users holding teacher-level or higher permissions to modify any user record, including changing email addresses. By doing so, the attacker can trigger password reset requests for arbitrary accounts, thereby gaining access to administrator or other privileged user accounts. The impact is the loss of confidentiality and integrity of all accounts within the WordPress installation.

Affected Systems

The vulnerability applies to the jdsofttech School Management System – WPSchoolPress plugin for WordPress, specifically all releases up to and including version 2.2.16. The affected code resides in the wpsp-ajaxworks-teacher.php file within the plugin archive. Users running any of these versions on a WordPress site are at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity, and the EPSS score of less than 1% suggests the flaw has not been widely exploited yet, though its presence in CISA KEV is not reported. The attack vector requires an authenticated teacher-level or higher account; once such a user is compromised or deliberately used, privilege escalation can be achieved. Therefore the threat remains significant for environments where teacher roles are widely granted or where user passwords are weak.

Generated by OpenCVE AI on April 20, 2026 at 23:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WPSchoolPress plugin to version 2.2.17 or later.
  • Revoke teacher and above permissions for all accounts and re‑evaluate role assignments to limit unnecessary exposure.
  • If an upgrade cannot be performed immediately, temporarily disable or restrict the wpsp_UpdateTeacher endpoint so it only responds to administrators, or disable the plugin entirely until a patch is applied.

Generated by OpenCVE AI on April 20, 2026 at 23:33 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-6622 The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.
History

Wed, 08 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
References

Tue, 15 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.0004}

 epss

{'score': 0.00052}

Fri, 28 Mar 2025 13:15:00 +0000

Type Values Removed Values Added
First Time appeared Igexsolutions
Igexsolutions wpschoolpress
Weaknesses CWE-862
CPEs cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*
Vendors & Products Igexsolutions
Igexsolutions wpschoolpress

Mon, 17 Mar 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 15 Mar 2025 03:45:00 +0000

Type Values Removed Values Added
Description The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.
Title School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover
Weaknesses CWE-639
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Igexsolutions Wpschoolpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:29:50.536Z

Reserved: 2025-02-24T21:21:35.824Z

Link: CVE-2025-1667

cve-icon Vulnrichment

Updated: 2025-03-17T21:26:00.445Z

cve-icon NVD

Status : Modified

Published: 2025-03-15T04:15:21.273

Modified: 2026-04-08T19:23:51.043

Link: CVE-2025-1667

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses