Vulnerabilities > Themeum > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-12-13 | CVE-2023-41870 | Missing Authorization vulnerability in Themeum WP Crowdfunding Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5. | 8.8 |
| 2024-12-09 | CVE-2024-53816 | Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5. | 8.8 |
| 2024-08-29 | CVE-2024-43955 | Path Traversal vulnerability in Themeum Droip Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Droip allows File Manipulation.This issue affects Droip: from n/a through 1.1.1. | 7.5 |
| 2024-08-26 | CVE-2024-39645 | Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2. | 8.8 |
| 2024-08-18 | CVE-2024-43282 | SQL Injection vulnerability in Themeum Tutor LMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.2. | 7.2 |
| 2024-07-09 | CVE-2024-37266 | Unspecified vulnerability in Themeum Tutor LMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themeum Tutor LMS allows Path Traversal.This issue affects Tutor LMS: from n/a through 2.7.1. | 7.2 |
| 2024-07-09 | CVE-2024-37256 | Unspecified vulnerability in Themeum Tutor LMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.7.1. | 7.2 |
| 2024-06-11 | CVE-2023-25799 | Unspecified vulnerability in Themeum Tutor LMS Missing Authorization vulnerability in Themeum Tutor LMS.This issue affects Tutor LMS: from n/a through 2.1.8. | 8.8 |
| 2024-06-07 | CVE-2024-4902 | SQL Injection vulnerability in Themeum Tutor LMS The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the ‘course_id’ parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 7.2 |
| 2024-05-16 | CVE-2024-4222 | Missing Authorization vulnerability in Themeum Tutor LMS The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 2.7.0. | 8.2 |