๐Ÿ” CVE Alert

CVE-2026-39631

MEDIUM 4.9

WordPress WPSchoolPress plugin <= 2.2.35 - Broken Access Control vulnerability

CVSS Score
4.9
EPSS Score
0.0%
EPSS Percentile
4th

Missing Authorization vulnerability in Ronik@UnlimitedWP WPSchoolPress wpschoolpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through <= 2.2.35.

CWE CWE-862
Vendor ronik@unlimitedwp
Product wpschoolpress
Published Apr 8, 2026
Last Updated Apr 9, 2026
Stay Ahead of the Next One

Get instant alerts for ronik@unlimitedwp wpschoolpress

Be the first to know when new medium vulnerabilities affecting ronik@unlimitedwp wpschoolpress are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Ronik@UnlimitedWP / WPSchoolPress
0 โ‰ค 2.2.35

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/wpschoolpress/vulnerability/wordpress-wpschoolpress-plugin-2-2-35-broken-access-control-vulnerability?_s_id=cve

Credits

Nabil Irawan | Patchstack Bug Bounty Program