School Management System for WordPress Local File Inclusion Vulnerability Allowing Privilege Escalation

Vulnerability

A local file inclusion vulnerability has been identified in the School Management System for WordPress plugin, affecting all versions through 93.1.0. The vulnerability arises from improper handling of the 'page' parameter, which allows authenticated attackers with Subscriber-level access or higher to include and execute arbitrary files on the server. This can be used to bypass access controls, obtain sensitive information, or execute PHP code contained in previously uploaded files. In Multisite environments, the flaw can be chained to update the passwords of Super Administrator accounts, resulting in privilege escalation.
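
As an added illustration that is not the plugin's own code, the generic PHP pattern behind this class of bug is shown beside a hardened version; the function names, the allow-list, the views/ directory and the manage_options capability are assumptions, while sanitize_key(), wp_unslash(), current_user_can(), plugin_dir_path() and wp_die() are standard WordPress functions:

```php
<?php
// Added illustration, not the plugin's code. Hypothetical names:
// smsw_render_page_unsafe(), smsw_render_page_safe(), $allowed_pages,
// and the views/ directory are all assumptions.

// VULNERABLE PATTERN: the request value is used directly to build an
// include path, so any readable file on the server can be pulled in and,
// if it contains PHP, executed.
function smsw_render_page_unsafe() {
    $page = isset( $_GET['page'] ) ? $_GET['page'] : 'dashboard';
    include plugin_dir_path( __FILE__ ) . 'views/' . $page . '.php';
}

// HARDENED PATTERN: the request value is only a lookup key into a fixed
// allow-list; the filesystem path is never assembled from user input.
function smsw_render_page_safe() {
    $allowed_pages = array(
        'dashboard' => 'views/dashboard.php',
        'students'  => 'views/students.php',
        'reports'   => 'views/reports.php',
    );

    // Capability check: the advisory notes that Subscriber-level access was
    // enough; admin views should require an admin capability, not just a login.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'smsw' ), '', array( 'response' => 403 ) );
    }

    // sanitize_key() lowercases and strips everything except [a-z0-9_-],
    // which removes '/', '.', and null bytes before the lookup.
    $page = isset( $_GET['page'] ) ? sanitize_key( wp_unslash( $_GET['page'] ) ) : 'dashboard';

    if ( ! isset( $allowed_pages[ $page ] ) ) {
        wp_die( esc_html__( 'Unknown page.', 'smsw' ), '', array( 'response' => 404 ) );
    }

    $base = realpath( plugin_dir_path( __FILE__ ) );
    $file = realpath( plugin_dir_path( __FILE__ ) . $allowed_pages[ $page ] );

    // Defense in depth: confirm the resolved path is still inside the plugin dir.
    if ( false === $base || false === $file || 0 !== strpos( $file, $base . DIRECTORY_SEPARATOR ) ) {
        wp_die( esc_html__( 'Invalid view.', 'smsw' ), '', array( 'response' => 500 ) );
    }

    include $file;
}
```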

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive data, execution of malicious PHP code on the server, and privilege escalation in WordPress Multisite environments.

Remediation

Users are advised to update the plugin to version 1.93.1 or later.

Added: Jul 18, 2025, 5:34 AM
Updated: Jul 18, 2025, 5:34 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 3.3
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.