CVE-2025-15656
Deferred Deferred - Pending Action
Incorrect Privilege Assignment in Mojoomla School Management

Publication date: 2026-06-03

Last updated on: 2026-06-03

Assigner: Patchstack

Description
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-03
Last Modified
2026-06-03
Generated
2026-06-24
AI Q&A
2026-06-03
EPSS Evaluated
2026-06-22
NVD
CVE-2025-15656
EUVD
EUVD-2025-210049
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
patchstack school_management to 93.2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-266 A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-15656 is a privilege escalation vulnerability in the WordPress School Management Plugin, versions 93.2.0 and below. It allows attackers who already have low-level access to the system to escalate their privileges and potentially gain full control over the website.

This vulnerability is considered moderately dangerous with a CVSS score of 8.8, indicating it can be exploited relatively easily and may affect many websites.

Impact Analysis

If exploited, this vulnerability can allow an attacker to gain full control of your website by escalating their privileges from a low-level user to an administrator or higher.

This could lead to unauthorized access, data theft, data manipulation, or complete takeover of the affected website.

Because the vulnerability has a high severity score, it poses a significant risk and could be targeted in widespread attacks.

Mitigation Strategies

Immediate action is advised to mitigate this vulnerability since there is no official patch available yet.

  • Update the WordPress School Management plugin to the latest version once an official patch is released.
  • Apply the mitigation rule provided by Patchstack to block attacks targeting this vulnerability.
  • Seek assistance from your hosting provider or a developer to implement temporary protections.
Compliance Impact

The vulnerability allows attackers with low-level access to escalate their privileges and potentially gain full control of the website. This could lead to unauthorized access to sensitive data, which may impact compliance with data protection regulations such as GDPR and HIPAA.

Since the vulnerability enables privilege escalation and full control, it increases the risk of data breaches, unauthorized data modification, and data availability issues, all of which are critical concerns under common standards and regulations.

No specific details about compliance impact or regulatory guidance are provided in the available resources.

Detection Guidance

There is no specific information provided about detection methods or commands to identify this vulnerability on your network or system.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-15656. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart