Vulnerabilities > Thimpress > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-06-20 | CVE-2024-3605 | SQL Injection vulnerability in Thimpress WP Hotel Booking. The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. | 9.8 |
2024-06-19 | CVE-2023-36515 | Unspecified vulnerability in Thimpress Learnpress. Missing Authorization vulnerability in ThimPress LearnPress. This issue affects LearnPress: from n/a through 4.2.3. | 9.8 |
2024-01-11 | CVE-2023-6634 | Command Injection vulnerability in Thimpress Learnpress. The LearnPress plugin for WordPress is vulnerable to Command Injection in all versions up to, and including, 4.2.5.7 via the get_content function. | 9.8 |
2023-11-20 | CVE-2023-5652 | SQL Injection vulnerability in Thimpress WP Hotel Booking. The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, and does not escape user input before using it in a SQL statement of a function hooked to admin_init, allowing unauthenticated users to perform SQL injections. | 9.8 |
2023-01-26 | CVE-2022-47615 | Unrestricted Upload of File with Dangerous Type vulnerability in Thimpress Learnpress. Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.8 |
2023-01-26 | CVE-2022-45808 | Unspecified vulnerability in Thimpress Learnpress. SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions. | 9.8 |
2021-12-13 | CVE-2021-24951 | Unspecified vulnerability in Thimpress Learnpress. The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL injection issues. | 9.8 |
2021-03-03 | CVE-2020-29047 | Deserialization of Untrusted Data vulnerability in Thimpress WP Hotel Booking. The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the thimpress_hotel_booking_1 cookie in load in includes/class-wphb-sessions.php. | 9.8 |