Vulnerabilities > Themeum

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-25700 Unspecified vulnerability in Themeum Tutor LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.
network
low complexity
themeum
critical
9.8
2023-11-03 CVE-2023-25800 SQL Injection vulnerability in Themeum Tutor LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.2.0.
network
low complexity
themeum CWE-89
8.8
2023-11-03 CVE-2023-25990 Unspecified vulnerability in Themeum Tutor LMS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS allows SQL Injection.This issue affects Tutor LMS: from n/a through 2.1.10.
network
low complexity
themeum
8.8
2023-10-16 CVE-2023-4805 Unspecified vulnerability in Themeum Tutor LMS
The Tutor LMS WordPress plugin before 2.3.0 does not sanitise and escape some of its settings, which could allow users such as subscriber to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
themeum
5.4
2023-08-07 CVE-2021-24916 Unspecified vulnerability in Themeum Qubely
The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.
network
low complexity
themeum
7.5
2023-07-04 CVE-2023-3133 Unspecified vulnerability in Themeum Tutor LMS
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for REST API endpoints, allowing unauthenticated attackers to access information from Lessons that should not be publicly available.
network
low complexity
themeum
7.5
2023-02-06 CVE-2023-0236 Unspecified vulnerability in Themeum Tutor LMS
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
network
low complexity
themeum
6.1
2022-12-05 CVE-2022-3830 Unspecified vulnerability in Themeum WP Page Builder
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
network
low complexity
themeum
4.8
2022-11-18 CVE-2022-40963 Cross-site Scripting vulnerability in Themeum WP Page Builder
Multiple Auth.
network
low complexity
themeum CWE-79
5.4
2022-10-17 CVE-2022-2563 Unspecified vulnerability in Themeum Tutor LMS
The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
network
low complexity
themeum
4.8