Vulnerabilities > Themeum

DATE CVE VULNERABILITY TITLE RISK
2024-11-15 CVE-2024-10897 Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5.
network
low complexity
themeum CWE-862
4.3
2024-11-01 CVE-2024-43937 Missing Authorization vulnerability in Themeum WP Crowdfunding
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10.
network
low complexity
themeum CWE-862
4.3
2024-09-10 CVE-2023-2919 Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4.
network
low complexity
themeum CWE-352
4.3
2024-08-29 CVE-2024-43954 Incorrect Authorization vulnerability in Themeum Droip
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.
network
low complexity
themeum CWE-863
6.3
2024-08-29 CVE-2024-43955 Path Traversal vulnerability in Themeum Droip
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1.
network
low complexity
themeum CWE-22
7.5
2024-08-26 CVE-2024-39645 Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS
Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2.
network
low complexity
themeum CWE-352
8.8
2024-07-27 CVE-2024-1798 Missing Authorization vulnerability in Themeum Tutor LMS - Migration Tool
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0.
network
low complexity
themeum CWE-862
5.3
2024-07-27 CVE-2024-1804 Missing Authorization vulnerability in Themeum Tutor LMS - Migration Tool
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tutor_import_from_xml function in all versions up to, and including, 2.2.0.
network
low complexity
themeum CWE-862
4.3
2024-07-09 CVE-2024-37266 Unspecified vulnerability in Themeum Tutor LMS
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1.
network
low complexity
themeum
7.2
2024-07-09 CVE-2024-37256 Unspecified vulnerability in Themeum Tutor LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1.
network
low complexity
themeum
7.2