Key Information Vulnerability Name: WordPress School Management Plugin <= 1.93.1 (02-07-2025) is vulnerable to Arbitrary File Upload Priority: High priority Affected Versions: <= 1.93.1 (02-07-2025) Risk: This vulnerability is highly dangerous and expected to become mass exploited. Vulnerability Type: Arbitrary File Upload Description: This could allow a malicious actor to upload any type of file to your website. This can include backdoors which are then executed to gain further access to your website. Solution: Automatically mitigate vulnerabilities and keep your websites safe. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until an official fix becomes available; can be tested and be safely applied. Timeline: - Reported by Bonds: 20 Jul 2025 - Early warning sent out to Patchstack customers: 12 Aug 2025 - Published by Patchstack: 14 Aug 2025