CVE-2025-3740: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in dasinfomedia School Management System for Wordpress

Severity: High
Tags: Vulnerability, CVE-2025-3740, CWE-22
Published: Fri Jul 18 2025 (07/18/2025, 04:23:00 UTC)
Source: CVE Database V5
Vendor/Project: dasinfomedia
Product: School Management System for Wordpress

Description

The School Management System for Wordpress plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 93.1.0 via the 'page' parameter. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The Local File Inclusion exploit can be chained to include various dashboard view files in the plugin. One such chain can be leveraged to update the password of Super Administrator accounts in Multisite environments making privilege escalation possible. The vendor has updated the version numbers beginning with `1.93.1 (02-07-2025)` for the patched version. This version comes after version 93.1.0.

AI-Powered Analysis

Last updated: 07/18/2025, 04:46:32 UTC

Technical Analysis

CVE-2025-3740 is a high-severity vulnerability affecting the dasinfomedia School Management System plugin for WordPress, specifically versions up to and including 93.1.0. The vulnerability is classified as a CWE-22 Path Traversal flaw that enables Local File Inclusion (LFI) via the 'page' parameter. Authenticated attackers with Subscriber-level privileges or higher can exploit this flaw to include and execute arbitrary files on the server. This includes the execution of arbitrary PHP code embedded in files uploaded to the server, even if these files are ostensibly 'safe' types such as images. The vulnerability allows attackers to bypass access controls and access sensitive data. Furthermore, the LFI can be chained to include various dashboard view files within the plugin, which in multisite WordPress environments can be leveraged to escalate privileges by updating the password of Super Administrator accounts. This effectively allows attackers to gain full administrative control over the WordPress multisite installation. The vulnerability requires authentication but no user interaction beyond that. The vendor addressed this issue in version 1.93.1, released on 2 July 2025, which supersedes version 93.1.0. The CVSS v3.1 base score is 8.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and network attack vector. No known exploits in the wild have been reported yet, but the potential for severe impact is significant given the ability to achieve remote code execution and privilege escalation within WordPress multisite environments.

Potential Impact

For European organizations using the dasinfomedia School Management System plugin on WordPress, this vulnerability poses a critical risk. Exploitation can lead to unauthorized disclosure of sensitive educational data, including student records and administrative information, violating data protection regulations such as the GDPR. The ability to execute arbitrary code and escalate privileges to Super Administrator level threatens the integrity and availability of the entire WordPress multisite network, potentially resulting in full site compromise, defacement, or persistent backdoors. Educational institutions, government agencies, and private organizations managing school data are particularly at risk. The breach of confidentiality and integrity could lead to reputational damage, legal penalties, and operational disruptions. Since the vulnerability requires only subscriber-level authentication, attackers could exploit compromised or weak user credentials or social engineering to gain initial access, making the threat more feasible. The multisite privilege escalation aspect amplifies the impact by allowing attackers to control multiple sites within a network from a single exploit.

Mitigation Recommendations

European organizations should urgently update the dasinfomedia School Management System plugin to version 1.93.1 or later, which contains the patch for this vulnerability. Until the update is applied, organizations should restrict plugin access to trusted users only and monitor for unusual activity from subscriber-level accounts. Implement strict password policies and multi-factor authentication to reduce the risk of credential compromise. Conduct regular audits of user roles and permissions to ensure no unauthorized privilege escalation is possible. Employ web application firewalls (WAFs) with rules designed to detect and block path traversal and LFI attempts targeting the 'page' parameter. Additionally, disable or restrict file uploads where possible, or enforce strict file type validation and scanning to prevent malicious PHP code uploads disguised as images or other safe file types. For multisite WordPress environments, monitor for unexpected changes to Super Administrator accounts and implement alerting mechanisms for password changes or privilege escalations. Backup WordPress sites regularly and verify backup integrity to enable recovery in case of compromise.
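Added example, not part of the advisory or the vendor's code: a small Python detector in the spirit of the WAF and monitoring recommendations above, which scans constructed access-log lines for traversal in the `page` parameter. The `/wp-admin/admin.php` request path, the sample slugs and the slug-only allowlist are assumptions, since the advisory does not say which `page` values the plugin accepts.

```python
"""Flag path-traversal / LFI attempts in a WordPress 'page' query parameter."""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: legitimate plugin view names are plain slugs (letters, digits, _ and -).
SLUG_RE = re.compile(r"^[A-Za-z0-9_-]+$")
# Common Log Format: client, ident, user, [timestamp], "METHOD target ...
REQ_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) ')

# Constructed sample traffic (not real log data); slugs are invented.
SAMPLE_LOG = """\
10.0.0.5 - - [18/Jul/2025:04:23:00 +0000] "GET /wp-admin/admin.php?page=dashboard HTTP/1.1" 200 512
10.0.0.6 - - [18/Jul/2025:04:23:05 +0000] "GET /wp-admin/admin.php?page=../../../../wp-config.php HTTP/1.1" 200 128
10.0.0.7 - - [18/Jul/2025:04:23:09 +0000] "GET /wp-admin/admin.php?page=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 128
10.0.0.8 - - [18/Jul/2025:04:23:12 +0000] "GET /wp-admin/admin.php?page=%252e%252e%252fuploads%252fimage.png HTTP/1.1" 200 128
10.0.0.9 - - [18/Jul/2025:04:23:15 +0000] "GET /wp-admin/admin.php?page=students%00.php HTTP/1.1" 200 128
10.0.0.10 - - [18/Jul/2025:04:23:20 +0000] "GET /wp-admin/admin.php?page=attendance-report HTTP/1.1" 200 512
"""

def decode_param(raw: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so double-encoded sequences (%252e -> %2e -> .) are exposed."""
    value = raw
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify_page_value(raw: str) -> list[str]:
    """Return the reasons a 'page' value looks like traversal/LFI; empty list if it is clean."""
    value = decode_param(raw).replace("\\", "/")   # treat backslashes as separators too
    reasons = []
    if "\x00" in value:
        reasons.append("null byte")
    if any(seg == ".." for seg in value.split("/")):
        reasons.append("dot-dot segment")
    if value.startswith("/") or re.match(r"^[A-Za-z]:/", value):
        reasons.append("absolute path")
    if not reasons and not SLUG_RE.match(value):
        reasons.append("not an allowlisted slug")
    return reasons

def scan_access_log(text: str) -> list[tuple[str, str, list[str]]]:
    """Return (client_ip, raw_page_value, reasons) for every suspicious request in the log."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        # parse_qs already decodes one layer; classify_page_value handles deeper encodings.
        for raw in parse_qs(urlsplit(target).query, keep_blank_values=True).get("page", []):
            reasons = classify_page_value(raw)
            if reasons:
                hits.append((ip, raw, reasons))
    return hits
```

Run against `SAMPLE_LOG`, the four traversal attempts are reported and the two plain slugs pass; the same `classify_page_value` logic doubles as the server-side allowlist check a fixed view loader should apply before any `include`.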

Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-04-16T16:39:12.716Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 6879ce10a83201eaaceef294

Added to database: 7/18/2025, 4:31:12 AM

Last enriched: 7/18/2025, 4:46:32 AM

Last updated: 8/15/2025, 5:37:22 PM