CVE-2025-1667
Published: 15 March 2025
Summary
CVE-2025-1667 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Igexsolutions Wpschoolpress. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 29.6th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Enforces approved authorizations for access to system resources, directly addressing the missing capability check in wpsp_UpdateTeacher() that allows unauthorized user detail updates.
Requires timely identification, reporting, and remediation of flaws like the authorization bypass in the WPSchoolPress plugin, preventing exploitation across affected versions.
Employs least privilege to limit teacher-level accounts from performing actions like updating arbitrary user emails, mitigating escalation potential despite the bypass.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The missing authorization check in wpsp_UpdateTeacher() directly enables T1068 (Exploitation for Privilege Escalation) by allowing low-privileged authenticated users to escalate to admin via arbitrary account updates, and facilitates T1098 (Account Manipulation) by permitting modification of user details like email addresses to hijack accounts through password resets.
NVD Description
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with teacher-level access and above, to update arbitrary user details including email which makes it possible to request a password reset and access arbitrary user accounts, including administrators.
Deeper analysis
CVE-2025-1667 is a privilege escalation vulnerability in the School Management System – WPSchoolPress plugin for WordPress, stemming from a missing capability check in the wpsp_UpdateTeacher() function. It affects all versions up to and including 2.2.16. The issue is rated with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and is associated with CWE-639 (Authorization Bypass Through User-Controlled Key) and CWE-862 (Missing Authorization).
Authenticated attackers with teacher-level access or higher can exploit this vulnerability over the network with low complexity and no user interaction required. By calling the vulnerable function, they can update arbitrary user details, including email addresses, enabling them to request password resets and subsequently gain unauthorized access to any user account, including administrator accounts.
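A detection sketch for the chain described above, as an added example rather than code from the plugin or the advisory: it correlates a cross-account email change made by a non-administrator with a password reset request for the same account shortly afterwards. The event names, field names, 30-minute window and sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

ADMIN_ROLES = {"administrator"}  # roles allowed to edit other users (assumption)

def ev(ts, event, target, actor=None, actor_role=None):
    return {"ts": ts, "event": event, "target": target, "actor": actor, "actor_role": actor_role}

# Constructed audit events, not taken from the advisory.
EVENTS = [
    ev("2025-03-15T10:00:00", "email_changed", "admin", "teacher7", "teacher"),
    ev("2025-03-15T10:02:10", "password_reset_requested", "admin"),
    ev("2025-03-15T11:00:00", "email_changed", "teacher3", "teacher3", "teacher"),  # self-service
    ev("2025-03-15T11:01:00", "password_reset_requested", "teacher3"),
    ev("2025-03-15T12:00:00", "email_changed", "student9", "admin", "administrator"),
    ev("2025-03-15T12:00:30", "password_reset_requested", "student9"),
    ev("2025-03-15T13:00:00", "email_changed", "teacher2", "teacher7", "teacher"),  # no reset yet
]

def find_takeover_chains(events, window=timedelta(minutes=30)):
    """Return (chains, open_changes).

    chains: cross-account email change by a non-admin, then a reset for that
    account within `window`. open_changes: such changes with no reset seen yet.
    """
    chains, pending = [], {}
    for e in sorted(events, key=lambda x: x["ts"]):  # ISO-8601 strings sort by time
        ts = datetime.fromisoformat(e["ts"])
        if e["event"] == "email_changed":
            if e["actor"] != e["target"] and e["actor_role"] not in ADMIN_ROLES:
                pending[e["target"]] = (ts, e["actor"])
        elif e["event"] == "password_reset_requested":
            changed_at, actor = pending.get(e["target"], (None, None))
            if changed_at is not None and ts - changed_at <= window:
                chains.append({"target": e["target"], "actor": actor,
                               "delay_s": int((ts - changed_at).total_seconds())})
                del pending[e["target"]]
    open_changes = {t: a for t, (_, a) in pending.items()}
    return chains, open_changes

if __name__ == "__main__":
    chains, open_changes = find_takeover_chains(EVENTS)
    for c in chains:
        print(f"HIGH  {c['actor']} changed email of {c['target']}; reset {c['delay_s']}s later")
    for target, actor in open_changes.items():
        print(f"WATCH {actor} changed email of {target}; no reset seen yet")
```

Self-service changes and administrator edits are ignored by design, so the output is limited to the pattern the advisory describes: a lower-privileged account altering someone else's email.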
References include code excerpts from the WordPress plugin trac repository, highlighting line 544 in the vulnerable version 2.2.16 (wpsp-ajaxworks-teacher.php) and the subsequent version 2.2.17, indicating a potential patch introduction. The Wordfence threat intelligence page provides further details on the vulnerability (ID: e54f98bc-c538-4f3c-b24a-6e778a3748ef).