themeum — Vulnerabilities & Security Advisories 84

Browse all 84 CVE security advisories affecting themeum. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeum operates as a cloud-based platform facilitating the creation and deployment of virtual machines, primarily targeting developers and enterprises seeking streamlined infrastructure management. Security audits have identified eighty-four Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a significant historical attack surface. The most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from inadequate input validation and improper access controls within its web interface and API endpoints. These defects have occasionally allowed unauthorized users to execute arbitrary commands or escalate their permissions to administrative levels, potentially compromising underlying virtual machine instances. While specific major public breaches remain limited in detailed public reporting, the high volume of disclosed CVEs suggests persistent challenges in securing the application layer. Continuous patching and rigorous code review processes are essential to mitigate these recurring risks and ensure the integrity of hosted environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2025-31892 | WordPress WP Crowdfunding plugin <= 2.1.15 - Cross Site Scripting (XSS) vulnerability | WP Crowdfunding | CWE-79 | 6.5 | Medium | 2025-04-01 |
| CVE-2025-1508 | WP Crowdfunding <= 2.1.14 - Missing Authorization to Authenticated (Subscriber+) Post Content Download | WP Crowdfunding | CWE-862 | 5.3 | Medium | 2025-03-12 |
| CVE-2024-13228 | Qubely – Advanced Gutenberg Blocks <= 1.8.13 - Authenticated (Contributor+) Sensitive Information Exposure via qubely_get_content | Qubely – Advanced Gutenberg Blocks | CWE-359 | 4.3 | Medium | 2025-03-11 |
| CVE-2025-26767 | WordPress Qubely plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability | Qubely | CWE-79 | 6.5 | Medium | 2025-02-16 |
| CVE-2024-9601 | Qubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID' | Qubely – Advanced Gutenberg Blocks | CWE-79 | 6.5 | Medium | 2025-02-14 |
| CVE-2024-54282 | WordPress WP Mega Menu plugin <= 1.4.2 - PHP Object Injection vulnerability | WP Mega Menu | CWE-502 | 7.2 | High | 2024-12-13 |
| CVE-2023-41870 | WordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability | WP Crowdfunding | CWE-862 | 4.3 | Medium | 2024-12-13 |
| CVE-2024-11910 | WP Crowdfunding <= 2.1.15 - Authenticated (Contributor+) Stored Cross-Site Scripting | WP Crowdfunding | CWE-79 | 6.4 | Medium | 2024-12-13 |
| CVE-2024-11911 | WP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation | WP Crowdfunding | CWE-862 | 4.3 | Medium | 2024-12-13 |
| CVE-2024-53816 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability | Tutor LMS Elementor Addons | CWE-862 | 4.3 | Medium | 2024-12-09 |
| CVE-2024-10400 | Tutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter | Tutor LMS – eLearning and online course solution | CWE-89 | 7.5 | High | 2024-11-21 |
| CVE-2024-10393 | Tutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration | Tutor LMS – eLearning and online course solution | CWE-284 | 5.3 | Medium | 2024-11-21 |
| CVE-2024-10897 | Tutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation | Tutor LMS Elementor Addons | CWE-862 | 4.3 | Medium | 2024-11-15 |
| CVE-2024-43142 | WordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability | Tutor LMS | CWE-862 | 4.3 | Medium | 2024-11-01 |
| CVE-2024-43937 | WordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability | WP Crowdfunding | CWE-862 | 6.4 | Medium | 2024-11-01 |
| CVE-2024-10117 | WP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode | WP Crowdfunding | CWE-79 | 6.4 | Medium | 2024-10-26 |
| CVE-2023-2919 | Tutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable' | Tutor LMS – eLearning and online course solution | CWE-352 | 4.3 | Medium | 2024-09-10 |
| CVE-2024-5784 | Tutor LMS Pro <= 2.7.2 - Missing Authorization to Authenticated (Subscriber+) Insecure Direct Object Reference | Tutor LMS Pro | CWE-862 | 7.1 | High | 2024-08-30 |
| CVE-2024-43955 | WordPress Droip plugin <= 1.1.1 - Unauthenticated Arbitrary File Download/Deletion vulnerability | Droip | CWE-22 | 10.0 | Critical | 2024-08-29 |
| CVE-2024-43954 | WordPress Droip plugin <= 1.1.1 - Subscriber+ Settings Change/Data Exposure Vulnerability | Droip | CWE-863 | 6.3 | Medium | 2024-08-29 |
| CVE-2024-39645 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability | Tutor LMS | CWE-352 | 5.4 | Medium | 2024-08-26 |
| CVE-2024-5576 | Tutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget | Tutor LMS Elementor Addons | CWE-79 | 6.4 | Medium | 2024-08-20 |
| CVE-2024-43282 | WordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability | Tutor LMS | CWE-89 | 7.6 | High | 2024-08-18 |
| CVE-2024-43231 | WordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability | Tutor LMS | CWE-79 | 6.5 | Medium | 2024-08-12 |
| CVE-2024-1798 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml | Tutor LMS – Migration Tool | CWE-862 | 5.3 | Medium | 2024-07-27 |
| CVE-2024-1804 | Tutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml | Tutor LMS – Migration Tool | CWE-862 | 4.3 | Medium | 2024-07-27 |
| CVE-2024-37947 | WordPress Tutor LMS plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability | Tutor LMS | CWE-79 | 5.9 | Medium | 2024-07-20 |
| CVE-2024-37266 | WordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability | Tutor LMS | CWE-22 | 4.9 | Medium | 2024-07-09 |
| CVE-2024-37256 | WordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability | Tutor LMS | CWE-89 | 7.6 | High | 2024-07-09 |
| CVE-2023-25799 | WordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities | Tutor LMS | CWE-862 | 8.3 | High | 2024-06-11 |

This page lists every published CVE security advisory associated with themeum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.