Filtered by vendor Thimpress
Subscriptions
Total
120 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24361 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-28 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through <= 4.1.9. | ||||
| CVE-2024-32588 | 1 Thimpress | 1 Learnpress | 2026-04-28 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3. | ||||
| CVE-2024-31241 | 1 Thimpress | 1 Learnpress | 2026-04-28 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3. | ||||
| CVE-2024-30508 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-28 | 6.5 Medium |
| Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2. | ||||
| CVE-2023-30487 | 1 Thimpress | 1 Learnpress | 2026-04-28 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions. | ||||
| CVE-2025-60200 | 2 Thimpress, Wordpress | 2 Learnpress Export Import, Wordpress | 2026-04-27 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through <= 4.1.2. | ||||
| CVE-2025-63011 | 2 Thimpress, Wordpress | 2 Wp Hotel Booking, Wordpress | 2026-04-24 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through <= 2.2.8. | ||||
| CVE-2025-63012 | 2 Thimpress, Wordpress | 2 Wp Hotel Booking, Wordpress | 2026-04-24 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.8. | ||||
| CVE-2025-63013 | 2 Thimpress, Wordpress | 2 Wp Hotel Booking, Wordpress | 2026-04-24 | 4.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7. | ||||
| CVE-2025-66054 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-24 | 7.5 High |
| Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4. | ||||
| CVE-2026-3225 | 2 Thimpress, Wordpress | 2 Learnpress – Wordpress Lms Plugin For Create And Sell Online Courses, Wordpress | 2026-04-24 | 4.3 Medium |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check, and the QuestionAnswerModel::delete() method only validates minimum answer counts without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete answer options from any quiz question on the site. | ||||
| CVE-2026-27065 | 2 Thimpress, Wordpress | 2 Builderpress, Wordpress | 2026-04-23 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1. | ||||
| CVE-2025-67594 | 3 Elementor, Thimpress, Wordpress | 3 Elementor, Thim Elementor Kit, Wordpress | 2026-04-23 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3. | ||||
| CVE-2025-60227 | 2 Thimpress, Wordpress | 2 Wp Pipes, Wordpress | 2026-04-23 | 8.6 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3. | ||||
| CVE-2025-57987 | 2 Thimpress, Wordpress | 2 Wp Events Manager, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through <= 2.2.1. | ||||
| CVE-2025-47448 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-23 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.1.9. | ||||
| CVE-2025-39460 | 1 Thimpress | 1 Eduma | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4. | ||||
| CVE-2025-24740 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-23 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects LearnPress: from n/a through <= 4.2.7.1. | ||||
| CVE-2025-22739 | 2 Thimpress, Wordpress | 2 Learnpress, Wordpress | 2026-04-23 | 5.3 Medium |
| Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5. | ||||
| CVE-2024-51582 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-23 | 7.5 High |
| Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through <= 2.2.9. | ||||