#VU105832 Authorization bypass through user-controlled key in WPSchoolPress - CVE-2025-1667

Cybersecurity Help s.r.o.

Published: 2025-03-18

Vulnerability identifier: #VU105832

Vulnerability risk: Medium

CVSSv4.0: 6.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-1667

CWE-ID: CWE-639

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WPSchoolPress
Web applications / Modules and components for CMS

Vendor: WpSchoolPress Team

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to a missing capability check on the wpsp_UpdateTeacher() function. A remote user can update arbitrary user details including email and gain elevated privileges on the system.

Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

WPSchoolPress: 2.2.1 - 2.2.16

External links
https://plugins.trac.wordpress.org/browser/wpschoolpress/tags/2.2.16/lib/wpsp-ajaxworks-teacher.php#L544
https://www.wordfence.com/threat-intel/vulnerabilities/id/e54f98bc-c538-4f3c-b24a-6e778a3748ef?source=cve

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in WPSchoolPress plugin for WordPress