Vulnerabilities > Thimpress

DATE CVE VULNERABILITY TITLE RISK
2023-05-18 CVE-2023-30487 Unspecified vulnerability in Thimpress Learnpress
Unauth.
network
low complexity
thimpress
6.1
2023-03-29 CVE-2022-45355 Unspecified vulnerability in Thimpress WP Pipes
Auth.
network
low complexity
thimpress
7.2
2023-01-26 CVE-2022-47615 Unrestricted Upload of File with Dangerous Type vulnerability in Thimpress Learnpress
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress CWE-434
critical
9.8
2023-01-26 CVE-2022-45808 Unspecified vulnerability in Thimpress Learnpress
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress
critical
9.8
2023-01-26 CVE-2022-45820 Unspecified vulnerability in Thimpress Learnpress
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
network
low complexity
thimpress
8.8
2022-10-31 CVE-2022-3360 Deserialization of Untrusted Data vulnerability in Thimpress Learnpress
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leadint to remote code execution (RCE).
network
high complexity
thimpress CWE-502
8.1
2022-08-22 CVE-2021-36852 Unspecified vulnerability in Thimpress WP Hotel Booking
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.
network
low complexity
thimpress
8.0
2022-04-11 CVE-2022-0271 Unspecified vulnerability in Thimpress Learnpress
The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lp_background_single_email AJAX action, leading to a Reflected Cross-Site Scripting
network
low complexity
thimpress
6.1
2022-02-28 CVE-2022-0377 Use of a Broken or Risky Cryptographic Algorithm vulnerability in Thimpress Learnpress
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration.
network
low complexity
thimpress CWE-327
4.3
2021-12-13 CVE-2021-24951 Unspecified vulnerability in Thimpress Learnpress
The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues
network
low complexity
thimpress
critical
9.8