themeum — Vulnerabilities & Security Advisories (84)

Browse all 84 CVE security advisories affecting themeum. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Themeum operates as a cloud-based platform facilitating the creation and deployment of virtual machines, primarily targeting developers and enterprises seeking streamlined infrastructure management. Security audits have identified eighty-four Common Vulnerabilities and Exposures (CVEs) associated with the platform, indicating a significant historical attack surface. The most prevalent vulnerability classes include remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws, often stemming from inadequate input validation and improper access controls within its web interface and API endpoints. These defects have occasionally allowed unauthorized users to execute arbitrary commands or escalate their permissions to administrative levels, potentially compromising underlying virtual machine instances. While specific major public breaches remain limited in detailed public reporting, the high volume of disclosed CVEs suggests persistent challenges in securing the application layer. Continuous patching and rigorous code review processes are essential to mitigate these recurring risks and ensure the integrity of hosted environments.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2024-5438 | Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion | Tutor LMS – eLearning and online course solution | CWE-639 | 4.3 | Medium | 2024-06-07 |
| CVE-2024-4902 | Tutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection | Tutor LMS – eLearning and online course solution | CWE-89 | 7.2 | High | 2024-06-07 |
| CVE-2024-4222 | Tutor LMS Pro <= 2.7.0 - Missing Authorization | Tutor LMS Pro | CWE-862 | 7.3 | High | 2024-05-16 |
| CVE-2024-4352 | Tutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection | Tutor LMS Pro | CWE-862 | 8.8 | High | 2024-05-16 |
| CVE-2024-4351 | Tutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation | Tutor LMS Pro | CWE-89 | 8.8 | High | 2024-05-16 |
| CVE-2024-4223 | Tutor LMS <= 2.7.0 - Missing Authorization | Tutor LMS – eLearning and online course solution | CWE-862 | 9.8 | Critical | 2024-05-16 |
| CVE-2024-4318 | Tutor LMS <= 2.7.0 - Authenticated (Instructor+) SQL Injection | Tutor LMS – eLearning and online course solution | CWE-89 | 8.8 | High | 2024-05-16 |
| CVE-2024-4279 | Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion | Tutor LMS – eLearning and online course solution | CWE-639 | 6.5 | Medium | 2024-05-16 |
| CVE-2024-3553 | Tutor LMS <= 2.6.2 - Missing Authorization to Unauthenticated Limited Options Update | Tutor LMS – eLearning and online course solution | CWE-862 | 6.5 | Medium | 2024-05-02 |
| CVE-2024-3994 | Tutor LMS – eLearning and online course solution <= 2.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'tutor_instructor_list' Shortcode | Tutor LMS – eLearning and online course solution | CWE-79 | 5.4 | Medium | 2024-04-25 |
| CVE-2024-29913 | WordPress Tutor LMS Elementor Addons plugin <= 2.1.3 - Cross Site Scripting (XSS) vulnerability | Tutor LMS Elementor Addons | CWE-79 | 6.5 | Medium | 2024-03-27 |
| CVE-2024-1751 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Authenticated (Subscriber+) SQL Injection | Tutor LMS – eLearning and online course solution | CWE-89 | 8.8 | High | 2024-03-13 |
| CVE-2024-1502 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | Tutor LMS – eLearning and online course solution | CWE-862 | 5.4 | Medium | 2024-03-12 |
| CVE-2024-1503 | Tutor LMS – eLearning and online course solution <= 2.6.1 - Cross-Site Request Forgery to Plugin Deactivation and Data Erase | Tutor LMS – eLearning and online course solution | CWE-352 | 4.3 | Medium | 2024-03-12 |
| CVE-2024-1133 | Tutor LMS <= 2.6.0 - Missing Authorization | Tutor LMS – eLearning and online course solution | CWE-862 | 4.3 | Medium | 2024-02-20 |
| CVE-2024-1128 | Tutor LMS <= 2.6.0 - Authenticated(Student+) HTML Injection via Q&A | Tutor LMS – eLearning and online course solution | CWE-74 | 5.4 | Medium | 2024-02-20 |
| CVE-2023-50859 | WordPress WP Crowdfunding Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | WP Crowdfunding | CWE-79 | 6.5 | Medium | 2023-12-28 |
| CVE-2023-49829 | WordPress Tutor LMS Plugin <= 2.2.4 is vulnerable to Cross Site Scripting (XSS) | Tutor LMS – eLearning and online course solution | CWE-79 | 5.9 | Medium | 2023-12-15 |
| CVE-2023-47532 | WordPress WP Crowdfunding Plugin <= 2.1.6 is vulnerable to Cross Site Scripting (XSS) | WP Crowdfunding | CWE-79 | 5.8 | Medium | 2023-11-14 |
| CVE-2023-25700 | WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection | Tutor LMS | CWE-89 | 8.2 | High | 2023-11-03 |
| CVE-2023-25800 | WordPress Tutor LMS Plugin <= 2.2.0 is vulnerable to SQL Injection | Tutor LMS | CWE-89 | 8.1 | High | 2023-11-03 |
| CVE-2023-25990 | WordPress Tutor LMS Plugin <= 2.1.10 is vulnerable to SQL Injection | Tutor LMS | CWE-89 | 7.1 | High | 2023-11-03 |
| CVE-2022-40963 | WordPress WP Page Builder plugin <= 1.2.6 - Multiple Auth. Stored Cross-Site Scripting (XSS) vulnerabilities | WP Page Builder (WordPress plugin) | CWE-79 | 4.8 | Medium | 2022-11-18 |
| CVE-2021-24242 | Tutor LMS < 1.8.8 - Authenticated Local File Inclusion | Tutor LMS – eLearning and online course solution | CWE-22 | 5.5 | - | 2021-04-22 |

This page lists every published CVE security advisory associated with themeum. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.