Filtered by vendor Themeum Subscriptions
Total 47 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-0376 1 Themeum 1 Qubely 2024-11-21 5.4 Medium
The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2023-0236 1 Themeum 1 Tutor Lms 2024-11-21 6.1 Medium
The Tutor LMS WordPress plugin before 2.0.10 does not sanitise and escape the reset_key and user_id parameters before outputting then back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2022-40963 1 Themeum 1 Wp Page Builder 2024-11-21 4.8 Medium
Multiple Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerabilities in WP Page Builder plugin <= 1.2.6 on WordPress.
CVE-2022-3830 1 Themeum 1 Wp Page Builder 2024-11-21 4.8 Medium
The WP Page Builder WordPress plugin through 1.2.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVE-2022-2563 1 Themeum 1 Tutor Lms 2024-11-21 4.8 Medium
The Tutor LMS WordPress plugin before 2.0.10 does not escape some course parameters, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2021-25017 1 Themeum 1 Tutor Lms 2024-11-21 6.1 Medium
The Tutor LMS WordPress plugin before 1.9.12 does not escape the search parameter before outputting it back in an attribute in an admin page, leading to a Reflected Cross-Site Scripting
CVE-2021-25013 1 Themeum 1 Qubely 2024-11-21 6.5 Medium
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin, as a result, any authenticated users, such as subscriber can delete arbitrary posts
CVE-2021-24916 1 Themeum 1 Qubely 2024-11-21 7.5 High
The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.
CVE-2021-24873 1 Themeum 1 Tutor Lms 2024-11-21 6.1 Medium
The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting issue
CVE-2021-24740 1 Themeum 1 Tutor Lms 2024-11-21 4.8 Medium
The Tutor LMS WordPress plugin before 1.9.9 does not escape some of its settings before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24455 1 Themeum 1 Tutor Lms 2024-11-21 5.4 Medium
The Tutor LMS – eLearning and online course solution WordPress plugin before 1.9.2 did not escape the Summary field of Announcements (when outputting it in an attribute), which can be created by users as low as Tutor Instructor. This lead to a Stored Cross-Site Scripting issue, which is triggered when viewing the Announcements list, and could result in privilege escalation when viewed by an admin.
CVE-2021-24242 1 Themeum 1 Tutor Lms 2024-11-21 3.8 Low
The Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.8 is affected by a local file inclusion vulnerability through the maliciously constructed sub_page parameter of the plugin's Tools, allowing high privilege users to include any local php file
CVE-2021-24208 1 Themeum 1 Wp Page Builder 2024-11-21 5.4 Medium
The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets (though the custom HTML widget requires sending a crafted request - it appears that this widget uses some form of client side validation but not server side validation), all of which are added via the “page_builder_data” parameter when performing the “wppb_page_save” AJAX action. It is also possible to insert malicious JavaScript via the “wppb_page_css” parameter (this can be done by closing out the style tag and opening a script tag) when performing the “wppb_page_save” AJAX action.
CVE-2021-24207 1 Themeum 1 Wp Page Builder 2024-11-21 4.3 Medium
By default, the WP Page Builder WordPress plugin before 1.2.4 allows subscriber-level users to edit and make changes to any and all posts pages - user roles must be specifically blocked from editing posts and pages.
CVE-2021-24186 1 Themeum 1 Tutor Lms 2024-11-21 6.5 Medium
The tutor_answering_quiz_question/get_answer_by_id function pair from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
CVE-2021-24185 1 Themeum 1 Tutor Lms 2024-11-21 6.5 Medium
The tutor_place_rating AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.
CVE-2021-24184 1 Themeum 1 Tutor Lms 2024-11-21 8.8 High
Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions.
CVE-2021-24183 1 Themeum 1 Tutor Lms 2024-11-21 6.5 Medium
The tutor_quiz_builder_get_question_form AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
CVE-2021-24182 1 Themeum 1 Tutor Lms 2024-11-21 6.5 Medium
The tutor_quiz_builder_get_answers_by_question AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.8.3 was vulnerable to UNION based SQL injection that could be exploited by students.
CVE-2021-24181 1 Themeum 1 Tutor Lms 2024-11-21 6.5 Medium
The tutor_mark_answer_as_correct AJAX action from the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 was vulnerable to blind and time based SQL injections that could be exploited by students.