Vulnerabilities > Thimpress

DATE CVE VULNERABILITY TITLE RISK
2023-11-20 CVE-2023-5799 Incorrect Authorization vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do not belong to them.
network
low complexity
thimpress CWE-863
5.4
2023-10-03 CVE-2023-40009 Cross-Site Request Forgery (CSRF) vulnerability in Thimpress WP Pipes
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.
network
low complexity
thimpress CWE-352
6.5
2023-07-12 CVE-2020-36757 Unspecified vulnerability in Thimpress WP Hotel Booking
The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1.
network
low complexity
thimpress
4.3
2023-05-18 CVE-2023-30487 Cross-site Scripting vulnerability in Thimpress Learnpress
Unauth.
network
low complexity
thimpress CWE-79
6.1
2023-03-29 CVE-2022-45355 SQL Injection vulnerability in Thimpress WP Pipes
Auth.
network
low complexity
thimpress CWE-89
7.2
2023-01-26 CVE-2022-47615 Unrestricted Upload of File with Dangerous Type vulnerability in Thimpress Learnpress
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress CWE-434
critical
9.8
2023-01-26 CVE-2022-45808 SQL Injection vulnerability in Thimpress Learnpress
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress CWE-89
critical
9.8
2023-01-26 CVE-2022-45820 SQL Injection vulnerability in Thimpress Learnpress
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress CWE-89
8.8
2022-10-31 CVE-2022-3360 Deserialization of Untrusted Data vulnerability in Thimpress Learnpress
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE).
network
high complexity
thimpress CWE-502
8.1
2022-08-22 CVE-2021-36852 Cross-Site Request Forgery (CSRF) vulnerability in Thimpress WP Hotel Booking
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.
network
low complexity
thimpress CWE-352
8.0