themeum
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting themeum.
- CVE-2026-10736Tutor LMS <= 3.9.11 - Authenticated (Administrator+) SQL Injection via 'data' Parameter4.9
- CVE-2026-22332WordPress Tutor LMS Pro plugin <= 3.9.6 - SQL Injection vulnerability9.3
- CVE-2026-22330WordPress Right Way theme <= 4.0 - Local File Inclusion vulnerability8.1
- CVE-2026-22329WordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerability7.1
- CVE-2026-40743WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability6.5
- CVE-2026-8206Kirki 6.0.0 - 6.0.6 - Unauthenticated Privilege Escalation via 'handle_forgot_password'9.8
- CVE-2026-8073Kirki <= 6.0.6 - Unauthenticated Limited Arbitrary File Read and Deletion via downloadZIP7.5
- CVE-2026-8096Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action6.5
- CVE-2026-6965Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter5.3
- CVE-2026-5502Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order5.3
- CVE-2026-6080Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter6.5
- CVE-2026-40740WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability5.4
- CVE-2026-3371Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification4.3
- CVE-2026-3358Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment5.4
- CVE-2026-3360Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter7.5