ThimPress — Vulnerabilities & Security Advisories 99

Browse all 99 CVE security advisories affecting ThimPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-25002 | WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability | LearnPress – Sepay Payment | CWE-288 | 9.8 | - | 2026-03-25 |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 4.3 | Medium | 2026-03-23 |
| CVE-2026-27065 | WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability | BuilderPress | CWE-98 | 9.8 | Critical | 2026-03-19 |
| CVE-2026-1870 | Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure | Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor | CWE-862 | 5.3 | Medium | 2026-03-14 |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 4.3 | Medium | 2026-03-12 |
| CVE-2026-1787 | LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion | LearnPress – Backup & Migration Tool | CWE-862 | 4.8 | Medium | 2026-02-21 |
| CVE-2026-27050 | WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability | RealPress | CWE-352 | 8.8 (AI) | High (AI) | 2026-02-19 |
| CVE-2026-24361 | WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability | LearnPress – Course Review | CWE-79 | 5.4 (AI) | Medium (AI) | 2026-01-22 |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 5.3 | Medium | 2026-01-20 |
| CVE-2025-13725 | Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter | Thim Blocks | CWE-22 | 6.5 | Medium | 2026-01-17 |
| CVE-2025-14075 | WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter | WP Hotel Booking | CWE-200 | 5.3 | Medium | 2026-01-17 |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-639 | 5.4 | Medium | 2026-01-07 |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 5.3 | Medium | 2026-01-06 |
| CVE-2025-53344 | WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability | Thim Core | CWE-352 | 4.3 | Medium | 2026-01-05 |
| CVE-2025-66054 | WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability | LearnPress | CWE-862 | 7.5 | High | 2025-12-18 |
| CVE-2025-13956 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 5.3 | Medium | 2025-12-16 |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2025-63012 | WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability | WP Hotel Booking | CWE-352 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-63011 | WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability | WP Hotel Booking | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-12-09 |
| CVE-2025-63013 | WordPress WP Hotel Booking plugin <= 2.2.7 - Sensitive Data Exposure vulnerability | WP Hotel Booking | CWE-497 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-67594 | WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability | Thim Elementor Kit | CWE-639 | 4.3 | Medium | 2025-12-09 |
| CVE-2025-67573 | WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability | Sailing | CWE-862 | 9.1 (AI) | Critical (AI) | 2025-12-09 |
| CVE-2025-67536 | WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability | LearnPress | CWE-79 | 5.4 (AI) | Medium (AI) | 2025-12-09 |
| CVE-2025-67526 | WordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerability | Sailing | CWE-98 | 7.5 | High | 2025-12-09 |
| CVE-2025-11368 | LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-200 | 5.3 | Medium | 2025-11-21 |
| CVE-2025-60200 | WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability | LearnPress Export Import | CWE-98 | 7.5 | High | 2025-11-06 |
| CVE-2025-54721 | WordPress Resca theme <= 3.0.2 - Cross Site Scripting (XSS) vulnerability | Resca | CWE-79 | 6.1 | - | 2025-11-06 |
| CVE-2025-64195 | WordPress Eduma theme <= 5.7.6 - Local File Inclusion vulnerability | Eduma | CWE-98 | 9.1 (AI) | Critical (AI) | 2025-10-29 |

This page lists every published CVE security advisory associated with ThimPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.