Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Mojoomla — Vulnerabilities & Security Advisories 27

Browse all 27 CVE security advisories affecting Mojoomla. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Mojoomla is a content management system primarily utilized for building websites and online applications, leveraging a modular architecture that allows developers to extend functionality through plugins and components. Historically, the platform has been associated with a significant number of security flaws, including twenty-seven recorded CVEs, predominantly stemming from insufficient input validation and improper access controls. Common vulnerability classes affecting Mojoomla instances include remote code execution, cross-site scripting, and privilege escalation, often resulting from outdated extensions or core software versions that fail to patch known exploits. Security incidents frequently involve unauthorized data access or site defacement due to these unpatched weaknesses. Consequently, maintaining rigorous update protocols and auditing third-party extensions are critical for mitigating risks, as the platform’s open-source nature exposes it to widespread exploitation when administrators neglect timely security patches and configuration hardening measures.

Top products by Mojoomla: WPAMS School Management Hospital Management System WPGYM WPCRM - CRM for Contact form CF7 & WooCommerce WPCHURCH
CVE IDTitleCVSSSeverityPublished
CVE-2025-32303 WordPress WPCHURCH plugin <= 2.7.0 - SQL Injection Vulnerability — WPCHURCHCWE-89 9.3 Critical2026-01-07
CVE-2025-32304 WordPress WPCHURCH plugin <= 2.7.0 - Local File Inclusion vulnerability — WPCHURCHCWE-98 8.1 High2026-01-06
CVE-2025-31100 WordPress School Management Plugin <= 1.93.1 (02-07-2025) - Arbitrary File Upload Vulnerability — School ManagementCWE-434 9.9 Critical2025-08-31
CVE-2025-48108 WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability — School ManagementCWE-862 6.5 Medium2025-08-26
CVE-2025-32574 WordPress WPGYM plugin <= 65.0 - SQL Injection vulnerability — WPGYMCWE-89 8.5 High2025-07-16
CVE-2025-24774 WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability — WPCRM - CRM for Contact form CF7 & WooCommerceCWE-79 7.1 High2025-06-27
CVE-2025-47574 WordPress School Management System Plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — School ManagementCWE-79 7.1 High2025-06-27
CVE-2025-24773 WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - SQL Injection Vulnerability — WPCRM - CRM for Contact form CF7 & WooCommerceCWE-89 9.3 Critical2025-06-17
CVE-2025-32549 WordPress WPGYM <= 65.0 - Local File Inclusion Vulnerability — WPGYMCWE-98 7.5 High2025-06-17
CVE-2025-47573 WordPress School Management System Plugin <= 92.0.0 - SQL Injection vulnerability — School ManagementCWE-89 9.3 Critical2025-06-17
CVE-2025-47572 WordPress School Management <= 93.0.0 - Local File Inclusion Vulnerability — School ManagementCWE-98 7.5 High2025-06-17
CVE-2025-47575 WordPress School Management plugin <= 92.0.0 - SQL Injection vulnerability — School ManagementCWE-89 8.5 High2025-05-23
CVE-2025-47613 WordPress School Management System for Wordpress plugin <= 92.0.0 - Reflected Cross Site Scripting (XSS) vulnerability — School ManagementCWE-79 7.1 High2025-05-23
CVE-2025-47631 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Privilege Escalation vulnerability — Hospital Management SystemCWE-266 8.8 High2025-05-23
CVE-2025-47663 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability — Hospital Management SystemCWE-434 9.9 Critical2025-05-23
CVE-2025-39357 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability — Hospital Management SystemCWE-89 8.5 High2025-05-19
CVE-2025-39380 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Arbitrary File Upload vulnerability — Hospital Management SystemCWE-434 10.0 Critical2025-05-19
CVE-2025-39386 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - SQL Injection vulnerability — Hospital Management SystemCWE-89 9.3 Critical2025-05-19
CVE-2025-39392 WordPress WPAMS plugin <= 44.0 (17-08-2023) - Cross Site Scripting (XSS) vulnerability — WPAMSCWE-79 7.1 High2025-05-19
CVE-2025-39393 WordPress Hospital Management System plugin <= 47.0(20-11-2023) - Cross Site Scripting (XSS) vulnerability — Hospital Management SystemCWE-79 7.1 High2025-05-19
CVE-2025-39395 WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability — WPAMSCWE-89 9.3 Critical2025-05-19
CVE-2025-39401 WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability — WPAMSCWE-434 10.0 Critical2025-05-19
CVE-2025-39402 WordPress WPAMS plugin <= 44.0 (17-08-2023) - Arbitrary File Upload vulnerability — WPAMSCWE-434 9.9 Critical2025-05-19
CVE-2025-39403 WordPress WPAMS plugin <= 44.0 (17-08-2023) - SQL Injection vulnerability — WPAMSCWE-89 8.5 High2025-05-19
CVE-2025-39405 WordPress WPAMS plugin <= 44.0 (17-08-2023) - Privilege Escalation vulnerability — WPAMSCWE-266 8.8 High2025-05-19
CVE-2025-39406 WordPress WPAMS plugin <= 44.0 - Local File Inclusion to Privilege Escalation vulnerability — WPAMSCWE-98 9.8 Critical2025-05-19
CVE-2025-32643 WordPress WPGYM Plugin <= 65.0 - SQL Injection vulnerability — WPGYMCWE-89 9.3 Critical2025-05-16

This page lists every published CVE security advisory associated with Mojoomla. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.