#VU105832 Authorization bypass through user-controlled key in WPSchoolPress - CVE-2025-1667

 


Published: March 18, 2025


Vulnerability identifier: #VU105832
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-1667
CWE-ID: CWE-639
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: WPSchoolPress
Software vendor: WpSchoolPress Team

Description

The vulnerability allows a remote attacker to bypass the authentication process.

The vulnerability exists due to a missing capability check in the wpsp_UpdateTeacher() function. A remote user can update arbitrary user details, including email, and gain elevated privileges on the system.
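For reference when auditing similar handlers, the following added example (not WPSchoolPress code and not a vendor patch) shows a WordPress AJAX handler that ties the capability check to the user ID supplied in the request. The handler name, action name, nonce name and POST field names are hypothetical.

```php
<?php
// Hypothetical handler: the names and POST fields below are assumptions made
// for illustration and are not taken from the WPSchoolPress code base.
add_action( 'wp_ajax_example_update_teacher', 'example_update_teacher' );

function example_update_teacher() {
    // Reject requests without a valid nonce for this action (CSRF defence).
    check_ajax_referer( 'example_update_teacher', 'nonce' );

    // The target ID arrives in the request, so it is a user-controlled key (CWE-639).
    $target_id = isset( $_POST['user_id'] ) ? absint( $_POST['user_id'] ) : 0;
    if ( ! $target_id || ! get_userdata( $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Unknown user.' ), 404 );
    }

    // Capability check bound to the target account: being logged in is not
    // enough. WordPress grants 'edit_user' for the caller's own account or
    // to roles that hold the edit_users capability.
    if ( ! current_user_can( 'edit_user', $target_id ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden.' ), 403 );
    }

    $email = isset( $_POST['email'] ) ? sanitize_email( wp_unslash( $_POST['email'] ) ) : '';
    if ( ! is_email( $email ) ) {
        wp_send_json_error( array( 'message' => 'Invalid email.' ), 400 );
    }

    // Write only an allow-listed set of fields; never pass $_POST through wholesale.
    $result = wp_update_user( array( 'ID' => $target_id, 'user_email' => $email ) );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( array( 'message' => $result->get_error_message() ), 400 );
    }

    wp_send_json_success( array( 'user_id' => $target_id ) );
}
```

Each `wp_send_json_error()` call ends the request, so no update is reached unless every check above it has passed.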


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
