Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ThimPress — Vulnerabilities & Security Advisories 99

Browse all 99 CVE security advisories affecting ThimPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by ThimPress:LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesWP Hotel BookingLearnPressWP PipesLearnPress Export ImportEdumaThim Elementor KitLearnPress – WordPress LMS PluginThim Kit for Elementor – Pre-built Templates & Widgets for ElementorWP Events ManagerLearnPress – Backup & Migration ToolSailingLearnPress – Sepay PaymentBuilderPressRealPressLearnPress – Course ReviewThim BlocksThim CoreRescaCourse BuilderIvy SchoolFundPress
CVE IDTitleCVSSSeverityPublished
CVE-2024-39641 WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability — LearnPressCWE-352 4.3 Medium2024-08-26
CVE-2024-39642 WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability — LearnPressCWE-639 6.5 Medium2024-08-13
CVE-2024-7548 LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 8.8 High2024-08-08
CVE-2024-6589 LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-98 8.8 High2024-07-25
CVE-2024-6099 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-420 5.3 Medium2024-07-02
CVE-2024-6088 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-862 5.3 Medium2024-07-02
CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection — WP Hotel BookingCWE-89 10.0 Critical2024-06-20
CVE-2023-36515 WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability — LearnPressCWE-862 7.3 High2024-06-19
CVE-2023-36516 WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability — LearnPressCWE-862 7.6 High2024-06-19
CVE-2024-35697 WordPress Eduma theme <= 5.4.7 - Reflected Cross Site Scripting (XSS) vulnerability — EdumaCWE-79 7.1 High2024-06-08
CVE-2024-5483 LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-200 5.3 Medium2024-06-05
CVE-2024-4971 LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 6.4 Medium2024-05-22
CVE-2024-4329 Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Thim Kit for Elementor – Pre-built Templates & Widgets for ElementorCWE-79 6.4 Medium2024-05-11
CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 6.4 Medium2024-05-10
CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-420 5.3 Medium2024-05-10
CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 9.8 Critical2024-05-10
CVE-2024-4397 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-434 8.8 High2024-05-09
CVE-2024-34415 WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability — Thim Elementor KitCWE-79 6.5 Medium2024-05-09
CVE-2024-3560 LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 6.4 Medium2024-04-19
CVE-2024-32588 WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability — LearnPress Export ImportCWE-79 7.1 High2024-04-18
CVE-2024-1463 LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 4.4 Medium2024-04-09
CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-285 6.5 Medium2024-04-09
CVE-2024-31241 WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability — LearnPress Export ImportCWE-89 7.6 High2024-04-07
CVE-2024-2115 LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-352 8.8 High2024-04-05
CVE-2024-30508 WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability — WP Hotel BookingCWE-862 6.5 Medium2024-03-29
CVE-2023-6567 LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 9.8 Critical2024-01-11
CVE-2023-6634 LearnPress <= 4.2.5.7 - Command Injection — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-88 8.1 High2024-01-11
CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-639 4.3 Medium2024-01-11
CVE-2023-40009 WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) — WP PipesCWE-352 5.4 Medium2023-10-03
CVE-2020-36757 WP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery Bypass — WP Hotel BookingCWE-352 4.3 Medium2023-07-12

This page lists every published CVE security advisory associated with ThimPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.