| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 9.1 | 2026-04-14 01:25:00 | Deep Dive |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2026-04-08 03:36:08 | Deep Dive |
| CVE-2026-25002 | WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability | ThimPress | LearnPress – Sepay Payment | 中危 | - | 2026-03-25 16:14:37 | Deep Dive |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2026-03-23 22:25:41 | Deep Dive |
| CVE-2026-27065 | WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability | ThimPress | BuilderPress | Critical | 9.8 | 2026-03-19 08:39:06 | Deep Dive |
| CVE-2026-1870 | Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure | thimpress | Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor | Medium | 5.3 | 2026-03-14 13:24:42 | Deep Dive |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 4.3 | 2026-03-12 02:22:37 | Deep Dive |
| CVE-2026-1787 | LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion | thimpress | LearnPress – Backup & Migration Tool | Medium | 4.8 | 2026-02-21 10:37:17 | Deep Dive |
| CVE-2026-27050 | WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability | ThimPress | RealPress | - | - | 2026-02-19 08:27:10 | Deep Dive |
| CVE-2026-24361 | WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability | ThimPress | LearnPress – Course Review | - | - | 2026-01-22 16:52:44 | Deep Dive |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-20 03:25:18 | Deep Dive |
| CVE-2025-13725 | Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter | thimpress | Thim Blocks | Medium | 6.5 | 2026-01-17 03:24:24 | Deep Dive |
| CVE-2025-14075 | WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter | thimpress | WP Hotel Booking | Medium | 5.3 | 2026-01-17 02:22:31 | Deep Dive |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.4 | 2026-01-07 07:17:33 | Deep Dive |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2026-01-06 08:21:49 | Deep Dive |
| CVE-2025-53344 | WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability | ThimPress | Thim Core | Medium | 4.3 | 2026-01-05 16:42:58 | Deep Dive |
| CVE-2025-66054 | WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability | ThimPress | LearnPress | High | 7.5 | 2025-12-18 07:22:17 | Deep Dive |
| CVE-2025-13956 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 5.3 | 2025-12-16 04:31:35 | Deep Dive |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Medium | 6.4 | 2025-12-15 15:30:55 | Deep Dive |
| CVE-2025-63013 | WordPress WP Hotel Booking plugin <= 2.2.7 - Sensitive Data Exposure vulnerability | ThimPress | WP Hotel Booking | Medium | 4.3 | 2025-12-09 14:52:28 | Deep Dive |