Filter
-Infinity
0

Trending

Last week
Last month
Last year

QubelyWordPress Qubely – Advanced Gutenberg Blocks plugin <= 1.8.12 - Cross Site Scripting (XSS) vulnerability

medium
6.5
EPSS
0.04%
First published (updated )
CVE-2025-26767

QubelyQubely – Advanced Gutenberg Blocks <= 1.8.12 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'align' and 'UniqueID'

medium
6.5
First published (updated )
CVE-2024-9601

Themeum WP CrowdfundingWordPress WP Crowdfunding plugin <= 2.1.5 - Broken Access Control vulnerability

high
8.8
First published (updated )
CVE-2023-41870

Themeum WP CrowdfundingWP Crowdfunding <= 2.1.12 - Authenticated (Contributor+) Stored Cross-Site Scripting

medium
6.4
First published (updated )
CVE-2024-11910

Themeum WP CrowdfundingWP Crowdfunding <= 2.1.12 - Missing Authorization to Authenticated (Subscriber+) WooCommerce Installation

medium
4.3
First published (updated )
CVE-2024-11911

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Tutor LMSWordPress Tutor LMS Elementor Addons plugin <= 2.1.5 - Broken Access Control vulnerability

high
8.8
First published (updated )
CVE-2024-53816

Themeum Tutor LMSTutor LMS <= 2.7.6 - Unauthenticated SQL Injection via rating_filter

high
7.5
First published (updated )
CVE-2024-10400

Themeum Tutor LMSTutor LMS <= 2.7.6 - User Registration Setting Bypass to Unauthorized User Registration

medium
5.3
First published (updated )
CVE-2024-10393

Tutor LMSTutor LMS Elementor Addons <= 2.1.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation

medium
4.3
First published (updated )
CVE-2024-10897

Tutor LMSWordPress Tutor LMS plugin <= 2.7.3 - Broken Access Control vulnerability

medium
4.3
First published (updated )
CVE-2024-43142

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Themeum WP CrowdfundingWordPress WP Crowdfunding plugin <= 2.1.10 - Settings Change vulnerability

medium
6.4
First published (updated )
CVE-2024-43937

Themeum WP CrowdfundingWP Crowdfunding <= 2.1.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpcf_donate Shortcode

medium
6.4
First published (updated )
CVE-2024-10117

Themeum Tutor LMSTutor LMS <= 2.7.4 - Cross-Site Request Forgery via 'addon_enable_disable'

medium
4.3
First published (updated )
CVE-2023-2919

Themeum Droip WordpressWordPress Droip plugin <= 1.1.1 - Unauthenticated Arbitrary File Download/Deletion vulnerability

critical
10
First published (updated )
CVE-2024-43955

Themeum Droip WordpressWordPress Droip plugin <= 1.1.1 - Subscriber+ Settings Change/Data Exposure Vulnerability

medium
6.3
First published (updated )
CVE-2024-43954

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Themeum Tutor LMSWordPress Tutor LMS plugin <= 2.7.2 - Cross Site Request Forgery (CSRF) vulnerability

high
8.8
First published (updated )
CVE-2024-39645

Tutor LMSTutor LMS Elementor Addons <= 2.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Course Carousel Widget

medium
6.4
First published (updated )
CVE-2024-5576

Tutor LMSWordPress Tutor LMS plugin <= 2.7.2 - SQL Injection vulnerability

high
7.6
First published (updated )
CVE-2024-43282

Tutor LMSWordPress Tutor LMS plugin <= 2.7.3 - Cross Site Scripting (XSS) vulnerability

medium
6.5
First published (updated )
CVE-2024-43231

Themeum Tutor LMSTutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_lp_export_xml

medium
5.3
First published (updated )
CVE-2024-1798

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Themeum Tutor LMSTutor LMS – Migration Tool <= 2.2.0 - Missing Authorization in tutor_import_from_xml

medium
4.3
First published (updated )
CVE-2024-1804

Tutor LMSWordPress Tutor LMS plugin <= 2.7.2 - Cross Site Scripting (XSS) vulnerability

medium
5.9
First published (updated )
CVE-2024-37947

Themeum Tutor LMSWordPress Tutor LMS plugin <= 2.7.1 - Path Traversal vulnerability

high
7.2
First published (updated )
CVE-2024-37266

Themeum Tutor LMSWordPress Tutor LMS plugin <= 2.7.1 - SQL Injection vulnerability

high
7.6
First published (updated )
CVE-2024-37256

Themeum Tutor LMSWordPress Tutor LMS plugin <= 2.1.8 - Multiple Broken Access Control vulnerabilities

high
8.8
First published (updated )
CVE-2023-25799

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Themeum Tutor LMSTutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion

medium
4.3
EPSS
0.05%
First published (updated )
CVE-2024-5438

Themeum Tutor LMSTutor LMS – eLearning and online course solution <= 2.7.1 -Authenticated (Administrator+) SQL Injection

high
7.2
EPSS
0.04%
First published (updated )
CVE-2024-4902

Themeum Tutor LMSTutor LMS Pro <= 2.7.0 - Missing Authorization to SQL Injection

high
8.8
EPSS
0.05%
First published (updated )
CVE-2024-4352

Themeum Tutor LMSTutor LMS Pro <= 2.7.0 - Missing Authorization to Privilege Escalation

high
8.8
EPSS
0.05%
First published (updated )
CVE-2024-4351

Themeum Tutor LMSTutor LMS Pro <= 2.7.0 - Missing Authorization

high
8.2
EPSS
0.05%
First published (updated )
CVE-2024-4222

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203