Themeum Vulnerabilities: Medium Risk

DATE | CVE | VULNERABILITY TITLE | RISK

2024-12-13 | CVE-2024-11910 | Cross-site Scripting vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping.
Risk: network, low complexity, themeum CWE-79, 5.4

2024-12-13 | CVE-2024-11911 | Missing Authorization vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12.
Risk: network, low complexity, themeum CWE-862, 4.3

2024-11-15 | CVE-2024-10897 | Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5.
Risk: network, low complexity, themeum CWE-862, 4.3

2024-11-01 | CVE-2024-43937 | Missing Authorization vulnerability in Themeum WP Crowdfunding
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Crowdfunding: from n/a through 2.1.10.
Risk: network, low complexity, themeum CWE-862, 4.3

2024-10-26 | CVE-2024-10117 | Cross-site Scripting vulnerability in Themeum WP Crowdfunding
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes.
Risk: network, low complexity, themeum CWE-79, 5.4

2024-09-10 | CVE-2023-2919 | Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4.
Risk: network, low complexity, themeum CWE-352, 4.3

2024-08-29 | CVE-2024-43954 | Incorrect Authorization vulnerability in Themeum Droip
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Droip: from n/a through 1.1.1.
Risk: network, low complexity, themeum CWE-863, 6.3

2024-08-20 | CVE-2024-5576 | Cross-site Scripting vulnerability in Themeum Tutor LMS Elementor Addons
The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes.
Risk: network, low complexity, themeum CWE-79, 5.4

2024-08-12 | CVE-2024-43231 | Cross-site Scripting vulnerability in Themeum Tutor LMS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themeum Tutor LMS allows Stored XSS. This issue affects Tutor LMS: from n/a through 2.7.3.
Risk: network, low complexity, themeum CWE-79, 5.4

2024-07-27 | CVE-2024-1798 | Missing Authorization vulnerability in Themeum Tutor LMS - Migration Tool
The Tutor LMS – Migration Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the tutor_lp_export_xml function in all versions up to, and including, 2.2.0.
Risk: network, low complexity, themeum CWE-862, 5.3