CVE-2025-31916 CRITICAL

CVE-2025-31916: WordPress JP Students Result Management System Premium plugin 1.1.7 - Arbitrary File Upload vulnerability

Vendor Joy2012Bd
Product JP Students Result Management System Premium
Weakness CWE-434 · Unrestricted file upload
Published May 23, 2025
Last update April 28, 2026

CVSS base score

9.0/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.

Explanation of Vulnerability in Simple Terms

02Summary

JP Students Result Management System Premium contains an unrestricted file upload vulnerability that allows attackers to upload malicious files to the server without authentication. The vulnerability affects versions 1.1.7 and requires only network access to exploit. Successful exploitation can lead to remote code execution, data theft, and site compromise.

What an attacker can do

03Attacker Capabilities

Upload and execute malicious files on the server without authentication.

Potential impact on your site

04Site Impact

Attackers can run arbitrary code, steal data, or take full control of the site and its database.

Conditions required to exploit

05Prerequisites

Network access to the vulnerable upload endpoint; no authentication or user interaction required.

Key dates

06Disclosure timeline

May 23, 2025 CVE published
April 28, 2026 Record updated