LearnPress
ThimPress
Developer
4.3.1
Latest version
80,000
Installations
Nov 21, 2025
Last updated
Vulnerability history
0 present
48 fixed
23 Mitigation rules
- Missing Authorization to Unauthenticated Arbitrary Callback Execution to Information Exposure vulnerability<= 4.2.9.4Nov 21, 2025
- Missing Authorization to Unauthenticated Database Table Manipulation vulnerability<= 4.2.9.3Oct 18, 2025
- Admin+ Stored XSS vulnerability< 4.2.7.5.1May 19, 2025
- Broken Access Control vulnerability<= 4.2.7.5Mar 27, 2025
- Authenticated (Admin+) Stored Cross-Site Scripting vulnerability<= 4.2.7.5Feb 25, 2025
- Authenticated (Instructor+) Stored Cross-Site Scripting via Lesson Name vulnerability<= 4.2.7.5Jan 27, 2025
- Open Redirection vulnerability<= 4.2.7.1Jan 24, 2025
- Admin+ Stored XSS vulnerability< 4.2.7.2Dec 12, 2024
- Course Material Sensitive Information Exposure via REST API vulnerability<= 4.2.7.3Dec 10, 2024
- Unauthenticated SQL Injection via 'c_only_fields' vulnerability<= 4.2.7Sep 12, 2024
- Unauthenticated SQL Injection via 'c_fields' vulnerability<= 4.2.7Sep 12, 2024
- Authenticated (Contributor+) SQL Injection via order Parameter vulnerability<= 4.2.6.9.3Aug 8, 2024
- Insecure Direct Object References (IDOR) vulnerability<= 4.2.6.8.2Aug 1, 2024
- Cross Site Request Forgery (CSRF) vulnerability<= 4.2.6.8.2Aug 1, 2024
- Authenticated (Contributor+) Local File Inclusion vulnerability<= 4.2.6.8.2Jul 25, 2024
- Missing Authorization to Unauthenticated User Registration Bypass vulnerability<= 4.2.6.8.1Jul 2, 2024
- Unauthenticated Bypass to User Registration vulnerability<= 4.2.6.8.1Jul 2, 2024
- Basic Information Disclosure via JSON API vulnerability<= 4.2.6.8Jun 5, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter vulnerability<= 4.2.6.6May 22, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting via layout_html Parameter vulnerability<= 4.2.6.5May 10, 2024
- Unauthenticated Bypass to User Registration vulnerability<= 4.2.6.5May 10, 2024
- Unauthenticated Time-Based SQL Injection vulnerability<= 4.2.6.5May 10, 2024
- Authenticated (Instructor+) Arbitrary File Upload vulnerability<= 4.2.6.5May 10, 2024
- Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability<= 4.2.6.4Apr 19, 2024
- Cross-Site Request Forgery to Privilege Escalation vulnerability<= 4.0.0Apr 5, 2024
- Authenticated(LP Instructor+) Stored Cross-Site Scripting vulnerability<= 4.2.6.3Apr 5, 2024
- Insecure Direct Object Reference vulnerability<= 4.2.6.3Apr 5, 2024
- Command Injection vulnerability<= 4.2.5.7Jan 4, 2024
- Insecure Direct Object Reference to Information Disclosure vulnerability<= 4.2.5.7Jan 3, 2024
- Unauthenticated SQL Injection via order_by vulnerability<= 4.2.5.7Jan 3, 2024
- Reflected Cross-Site Scripting via add_internal_scripts_to_head vulnerability< 4.2.5.4Nov 8, 2023
- Authenticated Broken Access Control vulnerability<= 4.2.3Jul 4, 2023
- Unauthenticated Broken Access Control vulnerability<= 4.2.3Jul 4, 2023
- Auth. SQL Injection (SQLi) vulnerability<= 4.1.7.3.2Jan 20, 2023
- Local File Inclusion<= 4.1.7.3.2Jan 20, 2023
- Unauthenticated SQL Injection Vulnerability<= 4.1.7.3.2Jan 20, 2023
- Unauthenticated PHP Object Injection vulnerability<= 4.1.7.1Oct 5, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 4.1.6.6Jun 21, 2022
- Reflected Cross-Site Scripting (XSS) vulnerability<= 4.1.5Mar 16, 2022
- Arbitrary Image Renaming vulnerability<= 4.1.4.1Jan 26, 2022
- SQL Injection (SQLi) vulnerability<= 4.1.3.2Nov 9, 2021
- Authenticated Stored Cross-Site Scripting (XSS) vulnerability<= 4.1.3.1Oct 18, 2021
- Multiple Stored Cross-Site Scripting (XSS) vulnerabilities<= 4.1.3Sep 20, 2021
- Reflected Cross-Site Scripting (XSS) vulnerability<= 3.2.7.2Sep 9, 2020
- Authenticated Time Based Blind SQL Injection (SQLi) vulnerability<= 3.2.6.7Apr 29, 2020
- Privilege Escalation vulnerability<= 3.2.6.7Apr 29, 2020
- Authenticated Page Creation and Status Modification vulnerability<= 3.2.6.8Apr 28, 2020
- Privilege Escalation vulnerability<= 3.2.6.6Mar 16, 2020