JP Students Result Management System Premium CVE-2025-31916
CRITICALSeverity by source
AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
AnalysisAI
Unrestricted file upload in JP Students Result Management System Premium WordPress plugin versions 1.1.7 and later enables remote unauthenticated attackers to upload and execute malicious web shells, achieving complete server compromise with high complexity exploitation requirements. Reported by Patchstack security researchers, this vulnerability carries a 0.31% EPSS exploitation probability (54th percentile), indicating moderate but not negligible real-world risk. No active exploitation confirmed in CISA KEV at time of analysis, though the cross-scope impact (S:C in CVSS vector) suggests potential for lateral movement beyond the WordPress application itself.
Technical ContextAI
This vulnerability stems from CWE-434 (Unrestricted Upload of File with Dangerous Type), a classic web application security flaw where insufficient validation allows attackers to upload executable code disguised as legitimate files. The affected component is a WordPress plugin designed for educational institutions to manage student results. The plugin fails to properly validate file extensions, MIME types, or content before accepting uploads, enabling attackers to bypass restrictions and place PHP web shells or other server-side scripts in web-accessible directories. The CVSS vector indicates network-based exploitation (AV:N) with high attack complexity (AC:H), suggesting exploitation requires specific timing, configuration knowledge, or race conditions rather than straightforward upload abuse. The changed scope metric (S:C) is particularly significant for WordPress plugins, indicating the vulnerability can impact resources beyond the plugin's security boundary-potentially the underlying web server, filesystem, or other WordPress components.
Affected ProductsAI
The vulnerability affects JP Students Result Management System Premium WordPress plugin version 1.1.7 and potentially later versions (indicated by 'through n/a' in the CVE description, meaning the upper bound is undefined at publication). This is a premium (paid) WordPress plugin developed by joy2012bd, primarily deployed in educational institutions for managing student examination results and grade reporting. The Patchstack database entry at https://patchstack.com/database/wordpress/plugin/jp-students-result-system-premium/vulnerability/wordpress-jp-students-result-management-system-premium-plugin-1-1-7-arbitrary-file-upload-vulnerability serves as the primary vendor advisory source. No CPE identifiers were provided in the available data, limiting automated asset inventory correlation.
RemediationAI
Organizations should immediately check if JP Students Result Management System Premium plugin is installed (verify in WordPress admin under Plugins) and determine the installed version. Consult the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/jp-students-result-system-premium/ for vendor-released patched versions-as of this analysis, the exact fixed version number was not confirmed in available NVD data, indicating either delayed vendor response or ongoing patching process. If no patch is available or upgrade is delayed, implement defense-in-depth controls: (1) Restrict access to the WordPress admin panel and plugin upload functionality to trusted IP ranges via web application firewall rules or .htaccess directives-this reduces attack surface but breaks remote administration workflows. (2) Deploy file upload validation at the web server level using ModSecurity or similar WAF rulesets to block executable file extensions (.php, .phtml, .php5, .phar) in upload directories-note this may interfere with legitimate plugin functionality requiring server-side script uploads. (3) Configure web server to prevent script execution in upload directories via .htaccess (Apache) or location blocks (Nginx) with 'php_flag engine off' or similar directives-this prevents uploaded shells from executing but may break plugins relying on processed uploads. (4) As a temporary emergency measure, disable the entire plugin if student result management can be suspended, though this impacts core institutional operations. Verify Patchstack advisory for plugin-specific workarounds and monitor WordPress security channels for updated guidance.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today