ThimPress — Vulnerabilities & Security Advisories (100)

Browse all 100 CVE security advisories affecting ThimPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThimPress operates as a software vendor specializing in WordPress plugins and themes, primarily targeting small business owners and web developers seeking ready-made digital solutions. Security audits reveal a concerning pattern of vulnerabilities, with approximately 100 Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and weak authentication mechanisms. Privilege escalation issues further compound the risk, allowing unauthorized users to manipulate site configurations or execute malicious scripts. The high volume of recorded CVEs suggests systemic gaps in the development lifecycle, particularly regarding code review and secure coding practices. While specific major data breaches linked directly to ThimPress products remain largely unpublicized, the persistent presence of critical vulnerabilities poses significant risks to dependent websites. This profile highlights the urgent need for rigorous security testing and timely patching to mitigate potential exploitation by attackers targeting the WordPress ecosystem.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-64194 | WordPress Eduma theme <= 5.7.6 - Cross Site Scripting (XSS) vulnerability | Eduma | CWE-79 | 6.5 | Medium | 2025-10-29 |
| CVE-2025-64195 | WordPress Eduma theme <= 5.7.6 - Local File Inclusion vulnerability | Eduma | CWE-98 | 7.5 | High | 2025-10-29 |
| CVE-2025-60227 | WordPress WP Pipes plugin <= 1.4.3 - Arbitrary File Deletion vulnerability | WP Pipes | CWE-22 | 8.6 | High | 2025-10-22 |
| CVE-2025-49992 | WordPress LearnPress Export Import plugin <= 4.0.9 - Cross Site Scripting (XSS) vulnerability | LearnPress Export Import | CWE-79 | 7.1 | High | 2025-10-22 |
| CVE-2025-11372 | LearnPress – WordPress LMS Plugin <= 4.2.9.3 - Missing Authorization to Unauthenticated Database Table Manipulation | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-862 | 6.5 | Medium | 2025-10-18 |
| CVE-2025-57987 | WordPress WP Events Manager Plugin <= 2.2.1 - Broken Access Control Vulnerability | WP Events Manager | CWE-862 | 5.3 | Medium | 2025-09-22 |
| CVE-2025-28977 | WordPress WP Pipes Plugin <= 1.4.3 - Cross Site Scripting (XSS) Vulnerability | WP Pipes | CWE-79 | 7.1 | High | 2025-08-20 |
| CVE-2025-28979 | WordPress WP Pipes <= 1.4.3 - Local File Inclusion Vulnerability | WP Pipes | CWE-98 | 8.1 | High | 2025-08-14 |
| CVE-2025-28982 | WordPress WP Pipes plugin <= 1.4.3 - SQL Injection Vulnerability | WP Pipes | CWE-89 | 9.3 | Critical | 2025-07-16 |
| CVE-2025-48267 | WordPress WP Pipes plugin <= 1.4.2 - Arbitrary File Deletion Vulnerability | WP Pipes | CWE-22 | 8.6 | High | 2025-06-09 |
| CVE-2025-48336 | WordPress Course Builder < 3.6.6 - PHP Object Injection Vulnerability | Course Builder | CWE-502 | 9.8 | Critical | 2025-05-29 |
| CVE-2025-39460 | WordPress Eduma theme <= 5.6.4 - Broken Access Control vulnerability | Eduma | CWE-862 | 5.3 | Medium | 2025-05-19 |
| CVE-2025-47664 | WordPress WP Pipes <= 1.4.2 - Server Side Request Forgery (SSRF) Vulnerability | WP Pipes | CWE-918 | 4.4 | Medium | 2025-05-07 |
| CVE-2025-47448 | WordPress WP Hotel Booking plugin <= 2.1.9 - Cross Site Request Forgery (CSRF) Vulnerability | WP Hotel Booking | CWE-352 | 4.3 | Medium | 2025-05-07 |
| CVE-2025-39470 | WordPress Ivy School theme <= 1.6.0 - Local File Inclusion Vulnerability | Ivy School | CWE-35 | 8.1 | High | 2025-04-18 |
| CVE-2025-22739 | WordPress LearnPress plugin <= 4.2.7.5 - Broken Access Control vulnerability | LearnPress | CWE-862 | 5.3 | Medium | 2025-03-27 |
| CVE-2025-24740 | WordPress Learnpress plugin <= 4.2.7.1 - Open Redirection vulnerability | LearnPress | CWE-601 | 4.7 | Medium | 2025-01-27 |
| CVE-2025-24601 | WordPress FundPress plugin <= 2.0.6 - PHP Object Injection vulnerability | FundPress | CWE-502 | 9.8 | Critical | 2025-01-27 |
| CVE-2024-13599 | LearnPress – WordPress LMS Plugin <= 4.2.7.5 - Authenticated (LP Instructor+) Stored Cross-Site Scripting via Lesson Name | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-79 | 6.4 | Medium | 2025-01-25 |
| CVE-2025-24725 | WordPress Thim Elementor Kit Plugin <= 1.2.8 - Broken Access Control vulnerability | Thim Elementor Kit | CWE-862 | 4.3 | Medium | 2025-01-24 |
| CVE-2024-13447 | WP Hotel Booking <= 2.1.6 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval | WP Hotel Booking | CWE-862 | 4.3 | Medium | 2025-01-22 |
| CVE-2024-12370 | WP Hotel Booking <= 2.1.5 - Missing Authorization | WP Hotel Booking | CWE-284 | 5.3 | Medium | 2025-01-17 |
| CVE-2025-22312 | WordPress Thim Elementor Kit plugin <= 1.2.9 - Cross Site Scripting (XSS) vulnerability | Thim Elementor Kit | CWE-79 | 6.5 | Medium | 2025-01-07 |
| CVE-2024-12283 | WP Pipes <= 1.4.1 - Reflected Cross-Site Scripting via x1 Parameter | WP Pipes | CWE-79 | 6.1 | Medium | 2024-12-11 |
| CVE-2024-11868 | LearnPress – WordPress LMS Plugin <= 4.2.7.3 - Course Material Sensitive Information Exposure via REST API | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-284 | 5.3 | Medium | 2024-12-10 |
| CVE-2024-9609 | LearnPress Export Import – WordPress extension for LearnPress <= 4.0.4 - Reflected Cross-Site Scripting | LearnPress – Backup & Migration Tool | CWE-79 | 6.1 | Medium | 2024-11-15 |
| CVE-2024-51582 | WordPress WP Hotel Booking plugin <= 2.2.9 - Local File Inclusion vulnerability | WP Hotel Booking | CWE-35 | 7.5 | High | 2024-11-04 |
| CVE-2024-7855 | WP Hotel Booking <= 2.1.2 - Authenticated (Subscriber+) Arbitrary File Upload | WP Hotel Booking | CWE-434 | 8.8 | High | 2024-10-02 |
| CVE-2024-8522 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_only_fields' | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-89 | 10.0 | Critical | 2024-09-12 |
| CVE-2024-8529 | LearnPress – WordPress LMS Plugin <= 4.2.7 - Unauthenticated SQL Injection via 'c_fields' | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | CWE-89 | 10.0 | Critical | 2024-09-12 |

This page lists every published CVE security advisory associated with ThimPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.