Themeum — Vulnerabilities & Security Advisories 85

Browse all 85 CVE security advisories affecting Themeum. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeum operates as a cloud-based platform facilitating the creation and deployment of virtual machines, primarily targeting developers and enterprises seeking streamlined infrastructure management. Security audits have identified eighty-four Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a significant historical attack surface. The most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from inadequate input validation and improper access controls within its web interface and API endpoints. These defects have occasionally allowed unauthorized users to execute arbitrary commands or escalate their permissions to administrative levels, potentially compromising underlying virtual machine instances. While specific major public breaches remain limited in detailed public reporting, the high volume of disclosed CVEs suggests persistent challenges in securing the application layer. Continuous patching and rigorous code review processes are essential to mitigate these recurring risks and ensure the integrity of hosted environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-6965 | Tutor LMS <= 3.9.9 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Post Deletion via 'course' GET Parameter | Tutor LMS – eLearning and online course solution | CWE-639 | 5.3 | Medium | 2026-05-13 |
| CVE-2026-5502 | Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order | Tutor LMS – eLearning and online course solution | CWE-862 | 5.3 | Medium | 2026-04-17 |
| CVE-2026-6080 | Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter | Tutor LMS – eLearning and online course solution | CWE-89 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-3371 | Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification | Tutor LMS – eLearning and online course solution | CWE-639 | 4.3 | Medium | 2026-04-11 |
| CVE-2026-3358 | Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment | Tutor LMS – eLearning and online course solution | CWE-862 | 5.4 | Medium | 2026-04-11 |
| CVE-2026-3360 | Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter | Tutor LMS – eLearning and online course solution | CWE-862 | 7.5 | High | 2026-04-10 |
| CVE-2025-13673 | Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code | Tutor LMS – eLearning and online course solution | CWE-89 | 7.5 | High | 2026-02-28 |
| CVE-2026-1371 | Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action | Tutor LMS – eLearning and online course solution | CWE-200 | 5.3 | Medium | 2026-02-03 |
| CVE-2026-1375 | Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion | Tutor LMS – eLearning and online course solution | CWE-639 | 8.1 | High | 2026-02-03 |
| CVE-2026-0548 | Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion | Tutor LMS – eLearning and online course solution | CWE-862 | 5.4 | Medium | 2026-01-20 |
| CVE-2025-13935 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2026-01-09 |
| CVE-2025-13934 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2026-01-09 |
| CVE-2025-13628 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2026-01-09 |
| CVE-2025-13679 | Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details | Tutor LMS – eLearning and online course solution | CWE-862 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-11564 | Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update | Tutor LMS – eLearning and online course solution | CWE-862 | 5.3 | Medium | 2025-10-25 |
| CVE-2025-6680 | Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure | Tutor LMS – eLearning and online course solution | CWE-284 | 4.3 | Medium | 2025-10-25 |
| CVE-2024-10400 | Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter | Tutor LMS – eLearning and online course solution | CWE-89 | 7.5 | High | 2024-11-21 |
| CVE-2024-10393 | Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration | Tutor LMS – eLearning and online course solution | CWE-284 | 5.3 | Medium | 2024-11-21 |
| CVE-2023-2919 | Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' | Tutor LMS – eLearning and online course solution | CWE-352 | 4.3 | Medium | 2024-09-10 |
| CVE-2024-5438 | Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion | Tutor LMS – eLearning and online course solution | CWE-639 | 4.3 | Medium | 2024-06-07 |
| CVE-2024-4902 | Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Administrator+) SQL Injection | Tutor LMS – eLearning and online course solution | CWE-89 | 7.2 | High | 2024-06-07 |
| CVE-2024-4223 | Tutor LMS <= 2.7.0 - Missing Authorization | Tutor LMS – eLearning and online course solution | CWE-862 | 9.8 | Critical | 2024-05-16 |
| CVE-2024-4318 | Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection | Tutor LMS – eLearning and online course solution | CWE-89 | 8.8 | High | 2024-05-16 |
| CVE-2024-4279 | Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion | Tutor LMS – eLearning and online course solution | CWE-639 | 6.5 | Medium | 2024-05-16 |
| CVE-2024-3553 | Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update | Tutor LMS – eLearning and online course solution | CWE-862 | 6.5 | Medium | 2024-05-02 |
| CVE-2024-3994 | Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode | Tutor LMS – eLearning and online course solution | CWE-79 | 5.4 | Medium | 2024-04-25 |
| CVE-2024-1751 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection | Tutor LMS – eLearning and online course solution | CWE-89 | 8.8 | High | 2024-03-13 |
| CVE-2024-1502 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | Tutor LMS – eLearning and online course solution | CWE-862 | 5.4 | Medium | 2024-03-12 |
| CVE-2024-1503 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase | Tutor LMS – eLearning and online course solution | CWE-352 | 4.3 | Medium | 2024-03-12 |
| CVE-2024-1133 | Tutor LMS <= 2.6.0 - Missing Authorization | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2024-02-20 |

This page lists every published CVE security advisory associated with Themeum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.