
ThimPress — Vulnerabilities & Security Advisories 101

Browse all 101 CVE security advisories affecting ThimPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThimPress operates as a software vendor specializing in WordPress plugins and themes, primarily targeting small business owners and web developers seeking ready-made digital solutions. Security audits reveal a concerning pattern of vulnerabilities, with approximately 100 Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and weak authentication mechanisms. Privilege escalation issues further compound the risk, allowing unauthorized users to manipulate site configurations or execute malicious scripts. The high volume of recorded CVEs suggests systemic gaps in the development lifecycle, particularly regarding code review and secure coding practices. While specific major data breaches linked directly to ThimPress products remain largely unpublicized, the persistent presence of critical vulnerabilities poses significant risks to dependent websites. This profile highlights the urgent need for rigorous security testing and timely patching to mitigate potential exploitation by attackers targeting the WordPress ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-7648 | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses <= 4.3.5 - Authenticated (Subscriber+) Payment Bypass to Free Course Enrollment via 'quantity' Parameter | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-639 | 4.3 | Medium | 2026-05-14 |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 9.1 | Critical | 2026-04-14 |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2026-04-08 |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 4.3 | Medium | 2026-03-23 |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 4.3 | Medium | 2026-03-12 |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 5.3 | Medium | 2026-01-20 |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-639 | 5.4 | Medium | 2026-01-07 |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 5.3 | Medium | 2026-01-06 |
| CVE-2025-13956 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 5.3 | Medium | 2025-12-16 |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2025-12-15 |
| CVE-2025-11368 | LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-200 | 5.3 | Medium | 2025-11-21 |
| CVE-2025-11372 | LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 6.5 | Medium | 2025-10-18 |
| CVE-2024-13599 | LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2025-01-25 |
| CVE-2024-11868 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-284 | 5.3 | Medium | 2024-12-10 |
| CVE-2024-8522 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-89 | 10.0 | Critical | 2024-09-12 |
| CVE-2024-8529 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-89 | 10.0 | Critical | 2024-09-12 |
| CVE-2024-7548 | LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-89 | 8.8 | High | 2024-08-08 |
| CVE-2024-6589 | LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-98 | 8.8 | High | 2024-07-25 |
| CVE-2024-6099 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-420 | 5.3 | Medium | 2024-07-02 |
| CVE-2024-6088 | LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 5.3 | Medium | 2024-07-02 |
| CVE-2024-5483 | LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-200 | 5.3 | Medium | 2024-06-05 |
| CVE-2024-4971 | LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2024-05-22 |
| CVE-2024-4277 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2024-05-10 |
| CVE-2024-4444 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-420 | 5.3 | Medium | 2024-05-10 |
| CVE-2024-4434 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-89 | 9.8 | Critical | 2024-05-10 |
| CVE-2024-4397 | LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-434 | 8.8 | High | 2024-05-09 |
| CVE-2024-3560 | LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2024-04-19 |
| CVE-2024-1463 | LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 4.4 | Medium | 2024-04-09 |
| CVE-2024-1289 | LearnPress <= 4.2.6.3 - Insecure Direct Object Reference | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-285 | 6.5 | Medium | 2024-04-09 |
| CVE-2024-2115 | LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-352 | 8.8 | High | 2024-04-05 |

This page lists every published CVE security advisory associated with ThimPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.