Vulnerabilities in ThimPress
107 resultsCVE-2025-28982CRITICALWordPress WP Pipes plugin <= 1.4.3 - SQL Injection VulnerabilityEPSS 0.4%CVE-2023-36516HIGHWordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-48267HIGHWordPress WP Pipes plugin <= 1.4.2 - Arbitrary File Deletion VulnerabilityEPSS 0.4%CVE-2026-4650MEDIUMFundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX HandlerEPSS 0.4%CVE-2025-48336CRITICALWordPress Course Builder < 3.6.6 - PHP Object Injection VulnerabilityEPSS 0.4%CVE-2024-39642MEDIUMWordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2024-1289MEDIUMLearnPress <= 4.2.6.3 - Insecure Direct Object ReferenceEPSS 0.4%CVE-2023-30487HIGHWordPress LearnPress Export Import Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)EPSS 0.4%CVE-2025-67526HIGHWordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerabilityEPSS 0.4%CVE-2025-60200HIGHWordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerabilityEPSS 0.4%CVE-2024-9609MEDIUMLearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site ScriptingEPSS 0.4%CVE-2023-36515HIGHWordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerabilityEPSS 0.4%CVE-2025-13725MEDIUMGutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' ParameterEPSS 0.4%CVE-2024-12283MEDIUMWP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 ParameterEPSS 0.4%CVE-2025-28979HIGHWordPress WP Pipes <= 1.4.3 - Local File Inclusion VulnerabilityEPSS 0.4%CVE-2026-8502MEDIUMLearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' ParametersEPSS 0.4%CVE-2024-4329MEDIUMThim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id ParameterEPSS 0.4%CVE-2020-36757MEDIUMWP Hotel Booking <= 1.10.1 - Cross-Site Request Forgery BypassEPSS 0.4%CVE-2024-13447MEDIUMWP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email RetrievalEPSS 0.3%CVE-2023-6223MEDIUMLearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information DisclosureEPSS 0.3%