Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
Lifecycle Timeline
5DescriptionCVE.org
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Codexpert, Inc CoSchool LMS coschool allows Blind SQL Injection.This issue affects CoSchool LMS: from n/a through <= 1.4.3.
AnalysisAI
Blind SQL injection in CoSchool LMS WordPress plugin through version 1.4.3 allows authenticated attackers with low-level privileges to extract sensitive database contents and potentially cause service disruption. The vulnerability is exploitable remotely with low attack complexity and enables scope escalation beyond the plugin's intended permissions. Currently showing low exploitation probability (EPSS 6th percentile), with no confirmed active exploitation or public exploit code.
Technical ContextAI
CoSchool LMS is a WordPress learning management system plugin developed by Codexpert, Inc. The vulnerability stems from CWE-89 (SQL Injection), where the plugin fails to properly sanitize user-supplied input before incorporating it into SQL queries. The blind SQL injection variant means attackers cannot directly see query results but can infer database content through timing attacks, error-based responses, or boolean conditions. The WordPress plugin architecture runs with database privileges of the wp-config.php configured user, typically granting access to all WordPress tables including user credentials, posts, and plugin-specific learning management data. The CVSS scope change (S:C) indicates the vulnerability allows attackers to impact resources beyond the plugin's authorization boundary, likely accessing data from other WordPress components or plugins sharing the same database.
Affected ProductsAI
CoSchool LMS WordPress plugin versions from unknown starting point through version 1.4.3 inclusive, developed by Codexpert, Inc. Vulnerability affects all WordPress installations running these plugin versions regardless of WordPress core version. Patchstack advisory available at https://patchstack.com/database/Wordpress/Plugin/coschool/vulnerability/wordpress-coschool-lms-plugin-1-4-3-sql-injection-vulnerability?_s_id=cve provides additional details. CPE data not available in NVD record at time of analysis.
RemediationAI
Upgrade CoSchool LMS plugin to version 1.4.4 or later if available (check WordPress plugin repository or vendor directly, as patch version not independently confirmed from provided data). Access Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/coschool/vulnerability/wordpress-coschool-lms-plugin-1-4-3-sql-injection-vulnerability?_s_id=cve for vendor-specific remediation guidance. If immediate patching is not feasible, implement compensating controls: restrict user registration to prevent untrusted account creation, audit existing low-privilege user accounts for suspicious activity, enable WordPress database query logging to detect blind SQL injection attempts through timing patterns, deploy web application firewall (WAF) rules to detect SQL injection payloads in plugin parameters (may cause false positives requiring tuning), consider temporarily disabling the plugin if LMS functionality is non-critical (disrupts learning platform operations). Database-level restrictions such as read-only credentials for the WordPress user would break core functionality. Monitor WordPress admin access logs for privilege escalation attempts following potential data exfiltration.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today