Vulnerabilities > Themeum > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-03-12 | CVE-2025-1508 | Missing Authorization vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the download_data action in all versions up to, and including, 2.1.13. | 5.3 |
| 2025-02-14 | CVE-2024-9601 | Cross-site Scripting vulnerability in Themeum Qubely The Qubely – Advanced Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ and 'UniqueID' parameter in all versions up to, and including, 1.8.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-12-13 | CVE-2024-11910 | Cross-site Scripting vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. | 5.4 |
| 2024-12-13 | CVE-2024-11911 | Missing Authorization vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. | 4.3 |
| 2024-11-15 | CVE-2024-10897 | Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_etlms_dependency_plugin() function in all versions up to, and including, 2.1.5. | 4.3 |
| 2024-11-01 | CVE-2024-43937 | Missing Authorization vulnerability in Themeum WP Crowdfunding Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10. | 4.3 |
| 2024-10-26 | CVE-2024-10117 | Cross-site Scripting vulnerability in Themeum WP Crowdfunding The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcf_donate shortcode in all versions up to, and including, 2.1.11 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2024-09-10 | CVE-2023-2919 | Cross-Site Request Forgery (CSRF) vulnerability in Themeum Tutor LMS The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. | 4.3 |
| 2024-08-29 | CVE-2024-43954 | Incorrect Authorization vulnerability in Themeum Droip Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1. | 6.3 |
| 2024-08-20 | CVE-2024-5576 | Cross-site Scripting vulnerability in Themeum Tutor LMS Elementor Addons The Tutor LMS Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'course_carousel_skin' attribute within the plugin's Course Carousel widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |