Vulnerabilities > Themeum

DATE CVE VULNERABILITY TITLE RISK
2025-03-12 CVE-2025-1508 Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13.
network
low complexity
themeum CWE-862
5.3
5.3
2025-03-11 CVE-2024-13228 Privacy Violation vulnerability in Themeum Qubely
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.13 via the 'qubely_get_content'.
network
low complexity
themeum CWE-359
6.5
6.5
2025-02-16 CVE-2025-26767 Cross-site Scripting vulnerability in Themeum Qubely
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeum Qubely – Advanced Gutenberg Blocks allows Stored XSS.
network
low complexity
themeum CWE-79
5.4
5.4
2025-02-14 CVE-2024-9601 Cross-site Scripting vulnerability in Themeum Qubely
The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping.
network
low complexity
themeum CWE-79
5.4
5.4
2024-12-13 CVE-2023-41870 Missing Authorization vulnerability in Themeum WP Crowdfunding
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5.
network
low complexity
themeum CWE-862
8.8
8.8
2024-12-13 CVE-2024-11910 Cross-site Scripting vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping.
network
low complexity
themeum CWE-79
5.4
5.4
2024-12-13 CVE-2024-11911 Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12.
network
low complexity
themeum CWE-862
4.3
4.3
2024-12-09 CVE-2024-53816 Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons
Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5.
network
low complexity
themeum CWE-862
8.8
8.8
2024-11-15 CVE-2024-10897 Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5.
network
low complexity
themeum CWE-862
4.3
4.3
2024-11-01 CVE-2024-43142 Missing Authorization vulnerability in Themeum Tutor LMS
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.
network
low complexity
themeum CWE-862
8.8
8.8