| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress – Course Review learnpress-course-review allows Stored XSS.This issue affects LearnPress – Course Review: from n/a through <= 4.1.9. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3. |
| Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2. |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through <= 4.1.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows DOM-Based XSS.This issue affects WP Hotel Booking: from n/a through <= 2.2.8. |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.2.8. |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Retrieve Embedded Sensitive Data.This issue affects WP Hotel Booking: from n/a through <= 2.2.7. |
| Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.9.4. |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized deletion of quiz question answers due to a missing capability check in the delete_question_answer() function of the EditQuestionAjax class in all versions up to, and including, 4.3.2.8. The AbstractAjax::catch_lp_ajax() dispatcher verifies a wp_rest nonce but performs no current_user_can() check, and the QuestionAnswerModel::delete() method only validates minimum answer counts without checking user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete answer options from any quiz question on the site. |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress BuilderPress builderpress allows PHP Local File Inclusion.This issue affects BuilderPress: from n/a through <= 2.0.1. |
| Authorization Bypass Through User-Controlled Key vulnerability in ThimPress Thim Elementor Kit thim-elementor-kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Thim Elementor Kit: from n/a through <= 1.3.3. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3. |
| Missing Authorization vulnerability in ThimPress WP Events Manager wp-events-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Events Manager: from n/a through <= 2.2.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows Cross Site Request Forgery.This issue affects WP Hotel Booking: from n/a through <= 2.1.9. |
| Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4. |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects LearnPress: from n/a through <= 4.2.7.1. |
| Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through <= 4.2.7.5. |
| Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through <= 2.2.9. |