Vulnerabilities in ThimPress
107 resultsCVE-2024-8522CRITICALLearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields'EPSS 61.4%CVE-2023-6567CRITICALLearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_byEPSS 51.4%CVE-2024-4434CRITICALLearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL InjectionEPSS 36.9%CVE-2024-7855HIGHWP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File UploadEPSS 15.0%CVE-2024-8529CRITICALLearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields'EPSS 11.8%CVE-2023-6634HIGHLearnPress <= 4.2.5.7 - Command InjectionEPSS 8.5%CVE-2022-47615CRITICALWordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to Local File InclusionEPSS 5.1%CVE-2022-45808CRITICALWordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL InjectionEPSS 4.3%CVE-2024-3605CRITICALWP Hotel Booking <= 2.1.0 - Unauthenticated SQL InjectionEPSS 4.2%CVE-2018-16175—SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commEPSS 1.3%CVE-2024-11868MEDIUMLearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST APIEPSS 1.1%CVE-2018-16174—Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conducEPSS 1.0%CVE-2024-4397HIGHLearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File UploadEPSS 1.0%CVE-2024-5483MEDIUMLearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON APIEPSS 1.0%CVE-2022-45820CRITICALWordPress LearnPress Plugin <= 4.1.7.3.2 is vulnerable to SQL InjectionEPSS 1.0%CVE-2018-16173—Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via uEPSS 1.0%CVE-2025-13956MEDIUMLearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics ExposureEPSS 0.9%CVE-2025-11368MEDIUMLearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information ExposureEPSS 0.9%CVE-2026-4365CRITICALLearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer DeletionEPSS 0.9%CVE-2024-6589HIGHLearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File InclusionEPSS 0.8%