themeum — Vulnerabilities & Security Advisories 84

Browse all 84 CVE security advisories affecting themeum. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeum operates as a cloud-based platform facilitating the creation and deployment of virtual machines, primarily targeting developers and enterprises seeking streamlined infrastructure management. Security audits have identified eighty-four Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a significant historical attack surface. The most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from inadequate input validation and improper access controls within its web interface and API endpoints. These defects have occasionally allowed unauthorized users to execute arbitrary commands or escalate their permissions to administrative levels, potentially compromising underlying virtual machine instances. While specific major public breaches remain limited in detailed public reporting, the high volume of disclosed CVEs suggests persistent challenges in securing the application layer. Continuous patching and rigorous code review processes are essential to mitigate these recurring risks and ensure the integrity of hosted environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2026-5502 | Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order | Tutor LMS – eLearning and online course solution | CWE-862 | 5.3 | Medium | 2026-04-17 |
| CVE-2026-6080 | Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter | Tutor LMS – eLearning and online course solution | CWE-89 | 6.5 | Medium | 2026-04-17 |
| CVE-2026-40740 | WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability | Tutor LMS | CWE-862 | 5.4 | Medium | 2026-04-15 |
| CVE-2026-3371 | Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification | Tutor LMS – eLearning and online course solution | CWE-639 | 4.3 | Medium | 2026-04-11 |
| CVE-2026-3358 | Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment | Tutor LMS – eLearning and online course solution | CWE-862 | 5.4 | Medium | 2026-04-11 |
| CVE-2026-3360 | Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter | Tutor LMS – eLearning and online course solution | CWE-862 | 7.5 | High | 2026-04-10 |
| CVE-2026-39638 | WordPress Qubely plugin <= 1.8.14 - Cross Site Scripting (XSS) vulnerability | Qubely | CWE-79 | 5.9 | Medium | 2026-04-08 |
| CVE-2026-25406 | WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability | Tutor LMS Pro | CWE-288 | 8.1 | High | 2026-03-25 |
| CVE-2025-32223 | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | Tutor LMS | CWE-639 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-0953 | Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login | Tutor LMS Pro | CWE-287 | 9.8 | Critical | 2026-03-10 |
| CVE-2026-23799 | WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability | Tutor LMS | CWE-862 | 6.5 | Medium | 2026-03-05 |
| CVE-2025-13673 | Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code | Tutor LMS – eLearning and online course solution | CWE-89 | 7.5 | High | 2026-02-28 |
| CVE-2026-1371 | Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action | Tutor LMS – eLearning and online course solution | CWE-200 | 5.3 | Medium | 2026-02-03 |
| CVE-2026-1375 | Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion | Tutor LMS – eLearning and online course solution | CWE-639 | 8.1 | High | 2026-02-03 |
| CVE-2026-24584 | WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | Tutor LMS BunnyNet Integration | CWE-79 | 5.9 | Medium | 2026-01-23 |
| CVE-2025-47555 | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | Tutor LMS | CWE-639 | 3.8 | Low | 2026-01-22 |
| CVE-2026-0548 | Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion | Tutor LMS – eLearning and online course solution | CWE-862 | 5.4 | Medium | 2026-01-20 |
| CVE-2025-13934 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2026-01-09 |
| CVE-2025-13935 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2026-01-09 |
| CVE-2025-13628 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2026-01-09 |
| CVE-2025-13679 | Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details | Tutor LMS – eLearning and online course solution | CWE-862 | 6.5 | Medium | 2026-01-08 |
| CVE-2025-63042 | WordPress Tutor LMS Elementor Addons plugin <= 3.0.1 - Cross Site Scripting (XSS) vulnerability | Tutor LMS Elementor Addons | CWE-79 | 6.5 | Medium | 2025-12-09 |
| CVE-2025-6639 | Tutor LMS Pro – eLearning and online course solution <= 3.8.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to View/Edit Other Assignments | Tutor LMS Pro | CWE-285 | 5.4 | Medium | 2025-10-25 |
| CVE-2025-11564 | Tutor LMS – eLearning and online course solution <= 3.8.3 - Missing Authorization to Unauthenticated Payment Status Update | Tutor LMS – eLearning and online course solution | CWE-862 | 5.3 | Medium | 2025-10-25 |
| CVE-2025-6680 | Tutor LMS <= 3.8.3 - Missing Authorization to Sensitive Information Exposure | Tutor LMS – eLearning and online course solution | CWE-284 | 4.3 | Medium | 2025-10-25 |
| CVE-2025-58249 | WordPress Qubely Plugin <= 1.8.14 - Sensitive Data Exposure Vulnerability | Qubely | CWE-201 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-58663 | WordPress Qubely Plugin <= 1.8.14 - Broken Access Control Vulnerability | Qubely | CWE-862 | 4.3 | Medium | 2025-09-22 |
| CVE-2025-58993 | WordPress Tutor LMS Plugin <= 3.7.4 - SQL Injection Vulnerability | Tutor LMS | CWE-89 | 7.6 | High | 2025-09-09 |
| CVE-2025-6184 | Tutor LMS Pro – eLearning and online course solution <= 3.7.0 - Authenticated (Tutor Instructor+) SQL Injection | Tutor LMS Pro | CWE-89 | 8.8 | High | 2025-08-13 |
| CVE-2025-32230 | WordPress Tutor LMS plugin <= 3.4.0 - HTML Injection vulnerability | Tutor LMS | CWE-80 | 4.3 | Medium | 2025-04-10 |

This page lists every published CVE security advisory associated with themeum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.