CVE-2025-15656
Incorrect Privilege Assignment in Mojoomla School Management
Publication date: 2026-06-03
Last updated on: 2026-06-03
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| patchstack | school_management | to 93.2.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-266 | A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-15656 is a privilege escalation vulnerability in the WordPress School Management Plugin, versions 93.2.0 and below. It allows attackers who already have low-level access to the system to escalate their privileges and potentially gain full control over the website.
This vulnerability is considered moderately dangerous with a CVSS score of 8.8, indicating it can be exploited relatively easily and may affect many websites.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker to gain full control of your website by escalating their privileges from a low-level user to an administrator or higher.
This could lead to unauthorized access, data theft, data manipulation, or complete takeover of the affected website.
Because the vulnerability has a high severity score, it poses a significant risk and could be targeted in widespread attacks.
What immediate steps should I take to mitigate this vulnerability?
Immediate action is advised to mitigate this vulnerability since there is no official patch available yet.
- Update the WordPress School Management plugin to the latest version once an official patch is released.
- Apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.
- Seek assistance from your hosting provider or a developer to implement temporary protections.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows attackers with low-level access to escalate their privileges and potentially gain full control of the website. This could lead to unauthorized access to sensitive data, which may impact compliance with data protection regulations such as GDPR and HIPAA.
Since the vulnerability enables privilege escalation and full control, it increases the risk of data breaches, unauthorized data modification, and data availability issues, all of which are critical concerns under common standards and regulations.
No specific details about compliance impact or regulatory guidance are provided in the available resources.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.