CVE-2025-15657
published 2026-06-17CVE-2025-15657: WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability Unauthenticated Insecure Direct Object References (IDOR)…
medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.23%
13.4th percentile
WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mojoomla | school_management | n/a – 93.1.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
Mojoomla School Management Plugin up to 93.1.0 on WordPress authorization (EUVD-2025-210249)
vuldb·2026-06-18
CVE-2025-15657 [LOW] Mojoomla School Management Plugin up to 93.1.0 on WordPress authorization (EUVD-2025-210249)
A vulnerability marked as problematic has been reported in Mojoomla School Management Plugin up to 93.1.0 on WordPress. This issue affects some unknown processing. Performing a manipulation results in authorization bypass.
This vulnerability is identified as CVE-2025-15657. The attack can be initiated remotely. There is not any exploit available.
CVEList
WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
cvelistv5·2026-06-17·CVSS 5.3
CVE-2025-15657 [MEDIUM] CWE-639 WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
GHSA
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
ghsa_unreviewed·2026-06-17
CVE-2025-15657 [MEDIUM] CWE-639 Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2026-06-17
Published