The School Management System for WordPress plugin by dasinfomedia suffers from an authentication bypass vulnerability (CWE-288) that enables privilege escalation via account takeover. The flaw arises because the plugin does not properly validate user identity before allowing updates to sensitive user details such as email and password through the mj_smgt_update_user() and mj_smgt_add_admission() functions. Additionally, a local file inclusion vulnerability is present. Authenticated attackers with at least student-level privileges can exploit this to change credentials of any user, including administrators, thereby gaining unauthorized access to higher-privilege accounts. The vulnerability affects all versions up to and including 93.0.0. There is no vendor patch or advisory available, and no known exploits in the wild have been reported.

Successful exploitation allows an attacker with low-level authenticated access to escalate privileges by taking over accounts of other users, including administrators. This leads to full compromise of the affected WordPress site using the plugin, with confidentiality, integrity, and availability impacts rated high (CVSS 8.8). The vulnerability can result in unauthorized administrative control and potential site takeover.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. No official fix or patch has been published as of the provided data. Until a patch is available, restrict access to trusted users only and consider disabling or removing the vulnerable plugin to prevent exploitation. Monitor for updates from dasinfomedia or WordPress plugin repositories for an official fix.