Vulnerabilities in themeum
93 resultsCVE-2023-2919MEDIUMTutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'EPSS 0.2%CVE-2025-13679MEDIUMTutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_detailsEPSS 0.2%CVE-2025-13935MEDIUMTutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course CompletionEPSS 0.2%CVE-2025-13628MEDIUMTutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon ModificationEPSS 0.2%CVE-2025-13934MEDIUMTutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment BypassEPSS 0.2%CVE-2025-26767MEDIUMWordPress Qubely plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-6680MEDIUMTutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information ExposureEPSS 0.2%CVE-2025-31892MEDIUMWordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2026-22329HIGHWordPress Skillate theme <= 1.2.10 - Reflected Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2024-39645MEDIUMWordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerabilityEPSS 0.2%CVE-2026-40740MEDIUMWordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerabilityEPSS 0.2%CVE-2026-39638MEDIUMWordPress Qubely plugin <= 1.8.14 - Cross Site Scripting (XSS) vulnerabilityEPSS 0.2%CVE-2025-6639MEDIUMTutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other AssignmentsEPSS 0.2%