thimpress — Vulnerabilities & Security Advisories (100)

Browse all 100 CVE security advisories affecting thimpress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ThimPress operates as a software vendor specializing in WordPress plugins and themes, primarily targeting small business owners and web developers seeking ready-made digital solutions. Security audits reveal a concerning pattern of vulnerabilities, with approximately 100 Common Vulnerabilities and Exposures (CVEs) currently documented. These flaws predominantly involve Cross-Site Scripting (XSS), SQL Injection, and Remote Code Execution (RCE), often stemming from insufficient input validation and weak authentication mechanisms. Privilege escalation issues further compound the risk, allowing unauthorized users to manipulate site configurations or execute malicious scripts. The high volume of recorded CVEs suggests systemic gaps in the development lifecycle, particularly regarding code review and secure coding practices. While specific major data breaches linked directly to ThimPress products remain largely unpublicized, the persistent presence of critical vulnerabilities poses significant risks to dependent websites. This profile highlights the urgent need for rigorous security testing and timely patching to mitigate potential exploitation by attackers targeting the WordPress ecosystem.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4650 | FundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX Handler — FundPress – WordPress Donation Plugin (CWE-862) | 5.3 | Medium | 2026-05-02 |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-862) | 9.1 | Critical | 2026-04-14 |
| CVE-2026-4333 | LearnPress <= 4.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'skin' Shortcode Attribute — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-79) | 6.4 | Medium | 2026-04-08 |
| CVE-2026-25002 | WordPress LearnPress – Sepay Payment plugin <= 4.0.0 - Broken Authentication vulnerability — LearnPress – Sepay Payment (CWE-288) | 7.5 | High | 2026-03-25 |
| CVE-2026-3225 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Quiz Answer Deletion — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-862) | 4.3 | Medium | 2026-03-23 |
| CVE-2026-27065 | WordPress BuilderPress plugin <= 2.0.1 - Local File Inclusion vulnerability — BuilderPress (CWE-98) | 9.8 | Critical | 2026-03-19 |
| CVE-2026-1870 | Thim Kit for Elementor <= 1.3.7 - Missing Authorization to Unauthenticated Private Course Disclosure — Thim Kit for Elementor – Pre-built Templates & Widgets for Elementor (CWE-862) | 5.3 | Medium | 2026-03-14 |
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-862) | 4.3 | Medium | 2026-03-12 |
| CVE-2026-1787 | LearnPress Export Import <= 4.1.0 - Missing Authentication to Unauthenticated Migrated Course Deletion — LearnPress – Backup & Migration Tool (CWE-862) | 4.8 | Medium | 2026-02-21 |
| CVE-2026-27050 | WordPress RealPress plugin <= 1.1.0 - Cross Site Request Forgery (CSRF) vulnerability — RealPress (CWE-352) | 5.4 | Medium | 2026-02-19 |
| CVE-2026-24361 | WordPress LearnPress – Course Review plugin <= 4.1.9 - Cross Site Scripting (XSS) vulnerability — LearnPress – Course Review (CWE-79) | 6.5 | Medium | 2026-01-22 |
| CVE-2025-14798 | LearnPress – WordPress LMS Plugin <= 4.3.2.4 - Missing Authorization to Unauthenticated Sensitive User Information Disclosure via REST API — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-862) | 5.3 | Medium | 2026-01-20 |
| CVE-2025-13725 | Gutenberg Thim Blocks <= 1.0.1 - Authenticated (Contributor+) Arbitrary File Read via 'iconSVG' Parameter — Thim Blocks (CWE-22) | 6.5 | Medium | 2026-01-17 |
| CVE-2025-14075 | WP Hotel Booking <= 2.2.7 - Unauthenticated Sensitive Information Exposure via 'email' Parameter — WP Hotel Booking (CWE-200) | 5.3 | Medium | 2026-01-17 |
| CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-639) | 5.4 | Medium | 2026-01-07 |
| CVE-2025-13964 | LearnPress – WordPress LMS Plugin <= 4.3.2 - Missing Authentication to Unauthenticated Course Modification — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-862) | 5.3 | Medium | 2026-01-06 |
| CVE-2025-53344 | WordPress Thim Core Plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) Vulnerability — Thim Core (CWE-352) | 4.3 | Medium | 2026-01-05 |
| CVE-2025-66054 | WordPress LearnPress plugin <= 4.2.9.4 - Broken Access Control vulnerability — LearnPress (CWE-862) | 7.5 | High | 2025-12-18 |
| CVE-2025-13956 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Missing Authorization to Unauthenticated Orders Statistics Exposure — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-862) | 5.3 | Medium | 2025-12-16 |
| CVE-2025-14387 | LearnPress – WordPress LMS Plugin <= 4.3.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting via get_profile_social — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-79) | 6.4 | Medium | 2025-12-15 |
| CVE-2025-63012 | WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability — WP Hotel Booking (CWE-352) | 4.3 | Medium | 2025-12-09 |
| CVE-2025-63011 | WordPress WP Hotel Booking plugin <= 2.2.8 - Cross Site Scripting (XSS) vulnerability — WP Hotel Booking (CWE-79) | 5.9 | Medium | 2025-12-09 |
| CVE-2025-63013 | WordPress WP Hotel Booking plugin <= 2.2.7 - Sensitive Data Exposure vulnerability — WP Hotel Booking (CWE-497) | 4.3 | Medium | 2025-12-09 |
| CVE-2025-67594 | WordPress Thim Elementor Kit plugin <= 1.3.3 - Insecure Direct Object References (IDOR) vulnerability — Thim Elementor Kit (CWE-639) | 4.3 | Medium | 2025-12-09 |
| CVE-2025-67573 | WordPress Sailing theme < 4.4.6 - Broken Access Control vulnerability — Sailing (CWE-862) | 5.3 | Medium | 2025-12-09 |
| CVE-2025-67536 | WordPress LearnPress plugin <= 4.2.9.4 - Cross Site Scripting (XSS) vulnerability — LearnPress (CWE-79) | 6.5 | Medium | 2025-12-09 |
| CVE-2025-67526 | WordPress Sailing theme < 4.4.6 - Local File Inclusion vulnerability — Sailing (CWE-98) | 7.5 | High | 2025-12-09 |
| CVE-2025-11368 | LearnPress – WordPress LMS Plugin <= 4.2.9.4 - Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses (CWE-200) | 5.3 | Medium | 2025-11-21 |
| CVE-2025-60200 | WordPress LearnPress Export Import plugin <= 4.1.2 - Local File Inclusion vulnerability — LearnPress Export Import (CWE-98) | 7.5 | High | 2025-11-06 |
| CVE-2025-54721 | WordPress Resca theme <= 3.0.2 - Cross Site Scripting (XSS) vulnerability — Resca (CWE-79) | 7.1 | High | 2025-11-06 |

This page lists every published CVE security advisory associated with thimpress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.