CVE-2025-1667 – WordPress WPSchoolPress Privilege Escalation Vulnerability

March 15, 2025
5:17 am

CVE ID : CVE-2025-1667

Published : March 15, 2025, 4:15 a.m. | 45 minutes ago

Description : The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2025-1667 – WordPress WPSchoolPress Privilege Escalation Vulnerability

Elvescore.io

Recent Posts

CVE-2025-1653 – uListing WordPress Plugin Privilege Escalation Vulnerability

CVE-2025-1657 – WordPress uListing Plugin Directory Listing Data Modification and PHP Object Injection Vulnerability

CVE-2024-12336 – WordPress WC Affiliate – Unauthenticated Data Exposure

CVE-2024-13847 – WordPress Portfolio and Projects Plugin Stored Cross-Site Scripting Vulnerability