cleantalk
Vulnerabilities and Security Researches

School Management System – WPSchoolPress, CVE-2021-24575

CVE, Research URL

CVE-2021-24575

Home page URL

Security reports for School Management System – WPSchoolPress

Application

School Management System – WPSchoolPress

Published on
Nov 08, 2021
Research Description
The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to teachers and above.
Affected versions
Min -, max 2.1.10.
Status
vulnerable
Previous vulnerability researches
School Management System – WPSchoolPress (CVE-2021-24664) , Jun 06, 2024
School Management System – WPSchoolPress (CVE-2021-24575) , Jun 06, 2024
School Management System – WPSchoolPress (CVE-2023-4776) , Jun 06, 2024
School Management System – WPSchoolPress (CVE-2025-1668) , Mar 16, 2025
School Management System – WPSchoolPress (CVE-2025-1669) , Mar 16, 2025
New vulnerability
Clearout Email Validator – Real Time Email Validation on WordPress Forms (CVE-2025-30789) , Mar 28, 2025
Order Status Rules for WooCommerce (CVE-2025-30781) , Mar 28, 2025
Product Catalog – Catalog for WordPress (CVE-2025-30524) , Mar 28, 2025
Chatbox Manager (CVE-2025-30790) , Mar 28, 2025
Translate Multilingual sites – TranslatePress (CVE-2025-30773) , Mar 28, 2025