VYPR
Get started
← All vendors
Vendor

Themegrill

Sign in to watch
Products
4
CVEs
6
Across products
6
Status
Private

Products

4

Recent CVEs

6
CVESevRiskCVSSEPSSKEVPublishedDescription
CVE-2024-24882Cri0.689.80.48May 17, 2024Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2.
CVE-2024-0679Med0.436.50.10Jan 20, 2024The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.
CVE-2024-37432Med0.385.90.00Jul 22, 2024Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeGrill Esteem allows Stored XSS.This issue affects Esteem: from n/a through 1.5.0.
CVE-2024-33939Med0.355.30.04May 19, 2025Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.3.
CVE-2024-1462Med0.345.30.00Mar 13, 2024The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.
CVE-2024-1370Med0.345.30.00Mar 13, 2024The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.