Filtered by vendor Thimpress
Subscribe
Total
69 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-48267 | 1 Thimpress | 1 Wp Pipes | 2026-04-28 | N/A | 8.6 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes allows Path Traversal. This issue affects WP Pipes: from n/a through 1.4.2. | |||||
| CVE-2025-47664 | 1 Thimpress | 1 Wp Pipes | 2026-04-28 | N/A | 4.4 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in ThimPress WP Pipes allows Server Side Request Forgery. This issue affects WP Pipes: from n/a through 1.4.2. | |||||
| CVE-2025-28982 | 1 Thimpress | 1 Wp Pipes | 2026-04-28 | N/A | 9.3 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress WP Pipes allows SQL Injection. This issue affects WP Pipes: from n/a through 1.4.3. | |||||
| CVE-2025-28979 | 1 Thimpress | 1 Wp Pipes | 2026-04-28 | N/A | 8.1 HIGH |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress WP Pipes allows PHP Local File Inclusion. This issue affects WP Pipes: from n/a through 1.4.3. | |||||
| CVE-2025-28977 | 1 Thimpress | 1 Wp Pipes | 2026-04-28 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress WP Pipes allows Reflected XSS. This issue affects WP Pipes: from n/a through 1.4.3. | |||||
| CVE-2024-30508 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-28 | N/A | 6.5 MEDIUM |
| Missing Authorization vulnerability in ThimPress WP Hotel Booking.This issue affects WP Hotel Booking: from n/a through 2.0.9.2. | |||||
| CVE-2025-60227 | 1 Thimpress | 1 Wp Pipes | 2026-04-27 | N/A | 8.6 HIGH |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThimPress WP Pipes wp-pipes allows Path Traversal.This issue affects WP Pipes: from n/a through <= 1.4.3. | |||||
| CVE-2024-51582 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-23 | N/A | 7.5 HIGH |
| Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking wp-hotel-booking allows PHP Local File Inclusion.This issue affects WP Hotel Booking: from n/a through <= 2.2.9. | |||||
| CVE-2024-8529 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 10.0 CRITICAL |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-8522 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 10.0 CRITICAL |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-4444 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 5.3 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 4.2.6.5. This is due to missing checks in the 'create_account' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | |||||
| CVE-2024-4397 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 8.8 HIGH |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'save_post_materials' function in versions up to, and including, 4.2.6.5. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |||||
| CVE-2024-1463 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 4.4 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Course, Lesson, and Quiz title and content in all versions up to, and including, 4.2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with LP Instructor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2020-36757 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-08 | N/A | 4.3 MEDIUM |
| The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the admin_add_order_item() function. This makes it possible for unauthenticated attackers to add an order item via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-6099 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 5.3 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthenticated bypass to user registration in versions up to, and including, 4.2.6.8.1. This is due to missing checks in the 'check_validate_fields' function in the checkout. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | |||||
| CVE-2024-4277 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 6.4 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘layout_html’ parameter in all versions up to, and including, 4.2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-3605 | 1 Thimpress | 1 Wp Hotel Booking | 2026-04-08 | N/A | 10.0 CRITICAL |
| The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | |||||
| CVE-2024-3560 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 6.4 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the _id value in all versions up to, and including, 4.2.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | |||||
| CVE-2024-2115 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 8.8 HIGH |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filter_users functions. This makes it possible for unauthenticated attackers to elevate their privileges to that of a teacher via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2024-11868 | 1 Thimpress | 1 Learnpress | 2026-04-08 | N/A | 5.3 MEDIUM |
| The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material. | |||||