{"id":59603,"date":"2025-07-24T05:57:19","date_gmt":"2025-07-24T05:57:19","guid":{"rendered":""},"modified":"2025-08-08T17:09:06","modified_gmt":"2025-08-08T23:09:06","slug":"cve-2025-3740-critical-local-file-inclusion-vulnerability-in-school-management-system-for-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-3740-critical-local-file-inclusion-vulnerability-in-school-management-system-for-wordpress-plugin\/","title":{"rendered":"CVE-2025-3740: Critical Local File Inclusion Vulnerability in School Management System for WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-3740 vulnerability refers to a Local File Inclusion (LFI) flaw found in the School Management System for WordPress plugin. This vulnerability, which affects all versions up to and including 93.1.0, could potentially allow an authenticated attacker to execute arbitrary PHP code files on a server. This flaw is particularly concerning as it can be used to bypass access controls, gain sensitive data, or achieve code execution<\/a> in cases where images and other \u201csafe\u201d file types can be uploaded and included. As a result, systems that use this WordPress plugin<\/a> are at risk for data leakage or potential system compromise.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-3740
\nSeverity: Critical (CVSS: 8.8)
\nAttack Vector: Local
\nPrivileges Required: Subscriber-level access
\nUser Interaction: Required
\nImpact: System compromise and potential<\/a> data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n