Thimpress Learnpress
12 CVEs affecting Thimpress Learnpress. Latest disclosed: 2026-06-01. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-36516 | High | 7.6 | 2024-06-19 | Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. |
CVE-2025-66054 | High | 7.5 | 2025-12-18 | Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… |
CVE-2023-36515 | High | 7.3 | 2024-06-19 | Missing Authorization vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.3. |
CVE-2026-48865 | High | 7.1 | 2026-06-01 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress allows Reflected XSS. This issue af… |
CVE-2025-67536 | Medium | 6.5 | 2025-12-09 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress learnpress allows Stored XSS.This is… |
CVE-2024-39642 | Medium | 6.5 | 2024-08-13 | Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This iss… |
CVE-2025-22739 | Medium | 5.3 | 2025-03-27 | Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affec… |
CVE-2025-24740 | Medium | 4.7 | 2025-01-27 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects LearnPress: from n/a through <= 4.2.7.1. |
CVE-2024-39641 | Medium | 4.3 | 2024-08-26 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress LearnPress.This issue affects LearnPress: from n/a through 4.2.6.8.2. |
CVE-2018-16175 | | 2019-01-09 | SQL injection vulnerability in the LearnPress prior to version 3.1.0 allows attacker with administrator rights to execute arbitrary SQL commands via unspecifie… | |
CVE-2018-16174 | | 2019-01-09 | Open redirect vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks… | |
CVE-2018-16173 | | 2019-01-09 | Cross-site scripting vulnerability in LearnPress prior to version 3.1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |