thimpress
Web & CMS Pluginscommercial
Latest CVEs
The 15 most recently published vulnerabilities affecting thimpress.
- CVE-2026-8502LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters5.3
- CVE-2026-7566LearnPress – Backup & Migration Tool <= 4.1.4 - Authenticated (Administrator+) PHP Object Injection via WXR XML File Upload6.6
- CVE-2026-7565LearnPress <= 4.1.4 - Authenticated (Administrator+) Path Traversal to Arbitrary File Read via 'import-user-file' Parameter4.9
- CVE-2025-53346WordPress Thim Core Plugin <= 2.3.3 - Broken Access Control Vulnerability4.3
- CVE-2025-53345WordPress Thim Core plugin <= 2.3.3 - Arbitrary Plugin Installation vulnerability8.8
- CVE-2026-48865WordPress LearnPress plugin <= 4.3.6 - Reflected Cross Site Scripting (XSS) vulnerability7.1
- CVE-2026-7648LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter4.3
- CVE-2026-4650FundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX Handler5.3
- CVE-2026-4365LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion9.1
- CVE-2026-4333LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute6.4
- CVE-2026-25002WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability7.5
- CVE-2026-3225LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion4.3
- CVE-2026-27065WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability9.8
- CVE-2026-1870Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure5.3
- CVE-2026-3226LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering4.3