Description
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Published: 2025-03-15
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection allowing extraction of sensitive database information
Action: Patch immediately
AI Analysis

Impact

The WPSchoolPress plugin for WordPress contains an unescaped parameter in the 'addNotify' action, which permits an authenticated user with teacher or higher privileges to inject arbitrary SQL into the backend query. This leads to the ability to read or modify data exposed in the database, constituting a data exfiltration vulnerability. The flaw is classified as CWE-89 (improper neutralization of special elements used in an SQL command), reflecting that user input reaches the query without being escaped or bound as a parameter.

Affected Systems

WordPress installations running the jdsofttech School Management System – WPSchoolPress plugin up to and including version 2.2.17. The affected code resides in the plugin’s lib/wpsp-ajaxworks.php file. Users of any WordPress instance that has installed this plugin within the specified version range are susceptible.

Risk and Exploitability

The issue has a CVSS score of 6.5, indicating moderate severity, and an EPSS score of less than 1%, implying a very low but non‑zero exploitation probability. It is not currently listed in the CISA KEV catalog. The most likely attack path requires the attacker to first log in as a teacher or higher role, then target the addNotify endpoint via the web interface or API. Once authenticated, the attacker can embed malicious SQL fragments that the plugin concatenates into a larger query, enabling data retrieval or modification.

Generated by OpenCVE AI on April 20, 2026 at 23:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WPSchoolPress to version 2.2.18 or later, which includes proper input sanitization for the addNotify action
  • Restrict teacher accounts to the minimum necessary permissions and audit their access levels regularly
  • Implement application‑level request filtering to block malformed SQL payloads in the addNotify endpoint
  • Use database parameter binding if custom queries are added, ensuring that all user input is properly escaped
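As an added illustration (not the plugin's code, and not derived from lib/wpsp-ajaxworks.php), the following generic WordPress AJAX handler shows the CWE-89 pattern the advisory describes beside the fix the last recommended action calls for: string concatenation into SQL on one side, `$wpdb->prepare()` / `$wpdb->insert()` with typed placeholders plus a capability and nonce check on the other. The action name `example_add_notify`, the table `example_notifications` and its columns are assumed for the example.

```php
<?php
// Added example, not code from the WPSchoolPress plugin. $wpdb is WordPress's
// global database object; the table and column names below are assumed.

// Vulnerable pattern (the defect class behind CWE-89): request values are
// concatenated straight into the SQL string, so a value containing a quote
// or a comment sequence changes the query instead of being stored as data.
function example_add_notify_unsafe( $title, $message, $class_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_notifications';
    $sql   = "INSERT INTO {$table} (title, message, class_id) "
           . "VALUES ('{$title}', '{$message}', {$class_id})";
    return $wpdb->query( $sql ); // do not do this
}

// Hardened pattern: $wpdb->insert() binds each value with an explicit format
// (%s string, %d integer), so input is never interpreted as SQL.
function example_add_notify_safe( $title, $message, $class_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_notifications';
    return $wpdb->insert(
        $table,
        array(
            'title'    => $title,
            'message'  => $message,
            'class_id' => $class_id,
        ),
        array( '%s', '%s', '%d' )
    );
}

// Same principle for reads: $wpdb->prepare() with placeholders, never
// interpolated variables. Any custom query added to a plugin should go
// through prepare() before being handed to get_results()/get_col()/query().
function example_list_notifies_safe( $class_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_notifications';
    $sql   = $wpdb->prepare(
        "SELECT id, title FROM {$table} WHERE class_id = %d ORDER BY id DESC",
        absint( $class_id )
    );
    return $wpdb->get_results( $sql, ARRAY_A );
}

// AJAX entry point: verify the nonce and the caller's capability before any
// database work, then normalise the input types before they reach the query.
add_action( 'wp_ajax_example_add_notify', function () {
    check_ajax_referer( 'example_add_notify' );
    if ( ! current_user_can( 'edit_posts' ) ) { // assumed capability for "teacher+"
        wp_send_json_error( 'forbidden', 403 );
    }
    $title    = isset( $_POST['title'] )    ? sanitize_text_field( wp_unslash( $_POST['title'] ) )    : '';
    $message  = isset( $_POST['message'] )  ? sanitize_textarea_field( wp_unslash( $_POST['message'] ) ) : '';
    $class_id = isset( $_POST['class_id'] ) ? absint( wp_unslash( $_POST['class_id'] ) ) : 0;

    if ( '' === $title || 0 === $class_id ) {
        wp_send_json_error( 'missing title or class_id', 400 );
    }
    $ok = example_add_notify_safe( $title, $message, $class_id );
    if ( false === $ok ) {
        wp_send_json_error( 'insert failed', 500 );
    }
    wp_send_json_success( example_list_notifies_safe( $class_id ) );
} );
```

Sanitisation functions such as `sanitize_text_field()` limit what a stored value can contain, but they are not the SQL defence; the binding in `$wpdb->insert()` and `$wpdb->prepare()` is what keeps a teacher-supplied value from altering the query, which is the gap the advisory attributes to the `addNotify` action.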



Advisories
Source: EUVD
ID: EUVD-2025-6621
Title: The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
History

Wed, 08 Apr 2026 18:30:00 +0000

Description
  Values Removed: The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
  Values Added: The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.17 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title
  Values Removed: School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Teacher+) SQL Injection
  Values Added: School Management System – WPSchoolPress <= 2.2.17 - Authenticated (Teacher+) SQL Injection
References

Tue, 15 Jul 2025 13:45:00 +0000

Metrics (epss)
  Values Removed: {'score': 0.00036}
  Values Added: {'score': 0.00047}


Fri, 28 Mar 2025 20:15:00 +0000

First Time appeared
  Values Added: Igexsolutions; Igexsolutions wpschoolpress
CPEs
  Values Added: cpe:2.3:a:igexsolutions:wpschoolpress:*:*:*:*:*:wordpress:*:*
Vendors & Products
  Values Added: Igexsolutions; Igexsolutions wpschoolpress

Mon, 17 Mar 2025 22:15:00 +0000

Metrics (ssvc)
  Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sat, 15 Mar 2025 03:45:00 +0000

Description
  Values Added: The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'addNotify' action in all versions up to, and including, 2.2.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with teacher-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Title
  Values Added: School Management System – WPSchoolPress <= 2.2.16 - Authenticated (Teacher+) SQL Injection
Weaknesses
  Values Added: CWE-89
References
Metrics (cvssV3_1)
  Values Added: {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:17:37.770Z

Reserved: 2025-02-24T21:28:02.924Z

Link: CVE-2025-1669

Vulnrichment

Updated: 2025-03-17T21:25:22.124Z

NVD

Status: Modified

Published: 2025-03-15T04:15:21.630

Modified: 2026-04-08T19:23:51.290

Link: CVE-2025-1669

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T23:45:21Z

Weaknesses