ThimPress — Vulnerabilities & Security Advisories 99

Browse all 99 CVE security advisories affecting ThimPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-64195	WordPress Eduma theme <= 5.7.6 - Local File Inclusion vulnerability — EdumaCWE-98	9.1^AI	Critical^AI	2025-10-29
CVE-2025-60227	WordPress WP Pipes plugin <= 1.4.3 - Arbitrary File Deletion vulnerability — WP PipesCWE-22	8.6	High	2025-10-22
CVE-2025-49992	WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability — LearnPress Export ImportCWE-79	6.1^AI	Medium^AI	2025-10-22
CVE-2025-11372	LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-862	6.5	Medium	2025-10-18
CVE-2025-57987	WordPress WP Events Manager Plugin <= 2.2.1 - Broken Access Control Vulnerability — WP Events ManagerCWE-862	5.3	Medium	2025-09-22
CVE-2025-28977	WordPress WP Pipes Plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability — WP PipesCWE-79	7.1	High	2025-08-20
CVE-2025-28979	WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability — WP PipesCWE-98	8.1	High	2025-08-14
CVE-2025-28982	WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability — WP PipesCWE-89	9.3	Critical	2025-07-16
CVE-2025-48267	WordPress WP Pipes plugin <= 1.4.2 - Arbitrary File Deletion Vulnerability — WP PipesCWE-22	8.6	High	2025-06-09
CVE-2025-48336	WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability — Course BuilderCWE-502	9.8	Critical	2025-05-29
CVE-2025-39460	WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability — EdumaCWE-862	5.3	Medium	2025-05-19
CVE-2025-47664	WordPress WP Pipes plugin <= 1.4.3 - Server Side Request Forgery (SSRF) Vulnerability — WP PipesCWE-918	4.4	Medium	2025-05-07
CVE-2025-47448	WordPress WP Hotel Booking plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability — WP Hotel BookingCWE-352	4.3	Medium	2025-05-07
CVE-2025-39470	WordPress Ivy School theme <= 1.6.0 - Local File Inclusion Vulnerability — Ivy SchoolCWE-35	8.1	High	2025-04-18
CVE-2025-22739	WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability — LearnPressCWE-862	5.3	Medium	2025-03-27
CVE-2025-24740	WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability — LearnPressCWE-601	4.7	Medium	2025-01-27
CVE-2025-24601	WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability — FundPressCWE-502	9.8	Critical	2025-01-27
CVE-2024-13599	LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79	6.4	Medium	2025-01-25
CVE-2025-24725	WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability — Thim Elementor KitCWE-862	4.3	Medium	2025-01-24
CVE-2024-13447	WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval — WP Hotel BookingCWE-862	4.3	Medium	2025-01-22
CVE-2024-12370	WP Hotel Booking <= 2.1.5 - Missing Authorization — WP Hotel BookingCWE-284	5.3	Medium	2025-01-17
CVE-2025-22312	WordPress Thim Elementor Kit plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability — Thim Elementor KitCWE-79	6.5	Medium	2025-01-07
CVE-2024-12283	WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter — WP PipesCWE-79	6.1	Medium	2024-12-11
CVE-2024-11868	LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-284	5.3	Medium	2024-12-10
CVE-2024-9609	LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site Scripting — LearnPress – Backup & Migration ToolCWE-79	6.1	Medium	2024-11-15
CVE-2024-51582	WordPress WP Hotel Booking plugin <= 2.2.9 - Local File Inclusion vulnerability — WP Hotel BookingCWE-35	7.5	High	2024-11-04
CVE-2024-7855	WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload — WP Hotel BookingCWE-434	8.8	High	2024-10-02
CVE-2024-8522	LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89	10.0	Critical	2024-09-12
CVE-2024-8529	LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89	10.0	Critical	2024-09-12
CVE-2024-7717	WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection — WP Events ManagerCWE-89	8.8	High	2024-08-31

This page lists every published CVE security advisory associated with ThimPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.

Goal Reached Thanks to every supporter — we hit 100%!

ThimPress — Vulnerabilities & Security Advisories 99