Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

ThimPress — Vulnerabilities & Security Advisories 100

Browse all 100 CVE security advisories affecting ThimPress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThimPress operates as a software vendor specializing in WordPress plugins and themes, primarily targeting small business owners and web developers seeking ready-made digital solutions. Security audits reveal a concerning pattern of vulnerabilities, with approximately 100 Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and weak authentication mechanisms. Privilege escalation issues further compound the risk, allowing unauthorized users to manipulate site configurations or execute malicious scripts. The high volume of recorded CVEs suggests systemic gaps in the development lifecycle, particularly regarding code review and secure coding practices. While specific major data breaches linked directly to ThimPress products remain largely unpublicized, the persistent presence of critical vulnerabilities poses significant risks to dependent websites. This profile highlights the urgent need for rigorous security testing and timely patching to mitigate potential exploitation by attackers targeting the WordPress ecosystem.

Top products by ThimPress: LearnPress – WordPress LMS Plugin for Create and Sell Online Courses WP Hotel Booking LearnPress WP Pipes LearnPress Export Import Eduma Thim Elementor Kit LearnPress – WordPress LMS Plugin Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor WP Events Manager LearnPress – Backup & Migration Tool Sailing FundPress – WordPress Donation Plugin LearnPress – Sepay Payment BuilderPress RealPress LearnPress – Course Review Thim Blocks Thim Core Resca Course Builder Ivy School FundPress
CVE IDTitleCVSSSeverityPublished
CVE-2024-7717 WP Events Manager <= 2.1.11 - Authenticated (Subscriber+) Time-Based SQL Injection — WP Events ManagerCWE-89 8.8 High2024-08-31
CVE-2024-39641 WordPress LearnPress plugin <= 4.2.6.8.2 - Cross Site Request Forgery (CSRF) vulnerability — LearnPressCWE-352 4.3 Medium2024-08-26
CVE-2024-39642 WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability — LearnPressCWE-639 6.5 Medium2024-08-13
CVE-2024-7548 LearnPress – WordPress LMS Plugin <= 4.2.6.9.3 - Authenticated (Contributor+) SQL Injection via order Parameter — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 8.8 High2024-08-08
CVE-2024-6589 LearnPress <= 4.2.6.8.2 - Authenticated (Contributor+) Local File Inclusion — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-98 8.8 High2024-07-25
CVE-2024-6099 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Unauthenticated Bypass to User Registration — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-420 5.3 Medium2024-07-02
CVE-2024-6088 LearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration Bypass — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-862 5.3 Medium2024-07-02
CVE-2024-3605 WP Hotel Booking <= 2.1.0 - Unauthenticated SQL Injection — WP Hotel BookingCWE-89 10.0 Critical2024-06-20
CVE-2023-36515 WordPress LearnPress plugin <= 4.2.3 - Unauthenticated Broken Access Control vulnerability — LearnPressCWE-862 7.3 High2024-06-19
CVE-2023-36516 WordPress LearnPress plugin <= 4.2.3 - Authenticated Broken Access Control vulnerability — LearnPressCWE-862 7.6 High2024-06-19
CVE-2024-35697 WordPress Eduma theme <= 5.4.7 - Reflected Cross Site Scripting (XSS) vulnerability — EdumaCWE-79 7.1 High2024-06-08
CVE-2024-5483 LearnPress – WordPress LMS Plugin <= 4.2.6.8 - Basic Information Disclosure via JSON API — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-200 5.3 Medium2024-06-05
CVE-2024-4971 LearnPress – WordPress LMS Plugin <= 4.2.6.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 6.4 Medium2024-05-22
CVE-2024-4329 Thim Elementor Kit <= 1.1.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — Thim Kit for Elementor – Pre-built Templates & Widgets for ElementorCWE-79 6.4 Medium2024-05-11
CVE-2024-4277 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 6.4 Medium2024-05-10
CVE-2024-4444 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Bypass to User Registration — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-420 5.3 Medium2024-05-10
CVE-2024-4434 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Unauthenticated Time-Based SQL Injection — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 9.8 Critical2024-05-10
CVE-2024-4397 LearnPress – WordPress LMS Plugin <= 4.2.6.5 - Authenticated (Instructor+) Arbitrary File Upload — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-434 8.8 High2024-05-09
CVE-2024-34415 WordPress Thim Elementor Kit plugin <= 1.1.8 - Cross Site Scripting (XSS) vulnerability — Thim Elementor KitCWE-79 6.5 Medium2024-05-09
CVE-2024-3560 LearnPress – WordPress LMS Plugin <= 4.2.6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 6.4 Medium2024-04-19
CVE-2024-32588 WordPress LearnPress Export Import plugin <= 4.0.3 - Reflected Cross Site Scripting (XSS) vulnerability — LearnPress Export ImportCWE-79 7.1 High2024-04-18
CVE-2024-1463 LearnPress <= 4.2.6.3 - Authenticated(LP Instructor+) Stored Cross-Site Scripting — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-79 4.4 Medium2024-04-09
CVE-2024-1289 LearnPress <= 4.2.6.3 - Insecure Direct Object Reference — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-285 6.5 Medium2024-04-09
CVE-2024-31241 WordPress LearnPress Export Import plugin <= 4.0.3 - Auth. SQL Injection vulnerability — LearnPress Export ImportCWE-89 7.6 High2024-04-07
CVE-2024-2115 LearnPress – WordPress LMS Plugin <= 4.0.0 - Cross-Site Request Forgery to Privilege Escalation — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-352 8.8 High2024-04-05
CVE-2024-30508 WordPress WP Hotel Booking plugin <= 2.0.9.2 - Broken Access Control vulnerability — WP Hotel BookingCWE-862 6.5 Medium2024-03-29
CVE-2023-6567 LearnPress <= 4.2.5.7 - Unauthenticated SQL Injection via order_by — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-89 9.8 Critical2024-01-11
CVE-2023-6634 LearnPress <= 4.2.5.7 - Command Injection — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-88 8.1 High2024-01-11
CVE-2023-6223 LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure — LearnPress – WordPress LMS Plugin for Create and Sell Online CoursesCWE-639 4.3 Medium2024-01-11
CVE-2023-40009 WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF) — WP PipesCWE-352 5.4 Medium2023-10-03

This page lists every published CVE security advisory associated with ThimPress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.