Unrestricted File Upload Vulnerability in Mojoomla School Management
CVE-2025-31100

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: School Management
Vendor: CVE Published:; 31 August 2025

What is CVE-2025-31100?

The Mojoomla School Management application is susceptible to an unrestricted file upload vulnerability that allows malicious users to upload files of dangerous types, potentially leading to the execution of arbitrary code on the server. This vulnerability impacts versions from n/a to 1.93.1, allowing the possibility of a web shell being placed on the server, which can be exploited for unauthorized access and data breaches.

Affected Version(s)

School Management <= 1.93.1 (02-07-2025)

References

https://patchstack.com/database/wordpress/plugin/school-m...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

Bonds (Patchstack Bug Bounty Program)

WordPress

What is CVE-2025-31100?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit