Themeum

All CVEs

67 total · sorted by risk
  • CVE-2025-47555 · Low · Jan 22, 2026
    risk 0.25 · cvss 3.8 · epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.4.

  • CVE-2024-5438 · Med · Jun 7, 2024
    risk 0.21 · cvss 4.3 · epss 0.00

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.7.1 via the 'attempt_delete' function due to missing validation on a user controlled key. This makes it possible…

  • CVE-2024-11911 · Dec 13, 2024
    risk 0.00 · cvss · epss 0.00

    The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with…

  • CVE-2024-10897 · Nov 15, 2024
    risk 0.00 · cvss · epss 0.00

    The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. This makes it possible for authenticated…

  • CVE-2024-43142 · Nov 1, 2024
    risk 0.00 · cvss · epss 0.00

    Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through 2.7.3.

  • CVE-2024-43937 · Nov 1, 2024
    risk 0.00 · cvss · epss 0.00

    Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.10.

  • CVE-2024-10117 · Oct 26, 2024
    risk 0.00 · cvss · epss 0.00

    The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-5784 · Aug 30, 2024
    risk 0.00 · cvss · epss 0.00

    The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions execution due to missing capability checks on multiple functions like treport_quiz_atttempt_delete and tutor_gc_class_action in all versions up to, and including, 2.7.2. This makes it…

  • CVE-2024-39645 · Aug 26, 2024
    risk 0.00 · cvss · epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2.

  • CVE-2024-5576 · Aug 20, 2024
    risk 0.00 · cvss · epss 0.00

    The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output…

  • CVE-2024-43282 · Aug 18, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.2.

  • CVE-2024-43231 · Aug 12, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.3.

  • CVE-2024-37947 · Jul 20, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.2.

  • CVE-2024-37266 · Jul 9, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal. This issue affects Tutor LMS: from n/a through 2.7.1.

  • CVE-2024-37256 · Jul 9, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.7.1.

  • CVE-2023-25799 · Jun 11, 2024
    risk 0.00 · cvss · epss 0.00

    Missing Authorization vulnerability in Themeum Tutor LMS. This issue affects Tutor LMS: from n/a through 2.1.8.

  • CVE-2023-47532 · Nov 14, 2023
    risk 0.00 · cvss · epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themeum WP Crowdfunding plugin <= 2.1.6 versions.

Page 2 of 2