Themeum Security Vulnerabilities (CVEs)
Track 32 security vulnerabilities affecting Themeum products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
The Tutor LMS WordPress plugin up to version 3.8.3 contains an access control vulnerability that allows authenticated users with tutor-level permissio...
Oct 25, 2025

This vulnerability in Tutor LMS WordPress plugin allows unauthenticated attackers to bypass payment verification by forging webhook requests with 'rec...
Oct 25, 2025

The Droip WordPress plugin allows authenticated attackers with Subscriber-level access or higher to upload arbitrary files due to missing file type va...
Jul 25, 2025

The WP Crowdfunding WordPress plugin has an authorization vulnerability that allows authenticated users with subscriber-level access or higher to down...
Mar 12, 2025

The Qubely WordPress plugin has a stored XSS vulnerability that allows authenticated attackers with Contributor access or higher to inject malicious s...
Feb 14, 2025

The WP Crowdfunding WordPress plugin has a stored cross-site scripting vulnerability in its search block. Authenticated attackers with Contributor-lev...
Dec 13, 2024

The Tutor LMS WordPress plugin vulnerability allows unauthenticated attackers to register user accounts even when site registration is disabled. This ...
Nov 21, 2024

This SQL injection vulnerability in the Tutor LMS WordPress plugin allows unauthenticated attackers to inject malicious SQL queries through the 'ratin...
Nov 21, 2024

The Tutor LMS Elementor Addons WordPress plugin has a missing capability check that allows authenticated users with Subscriber-level access or higher ...
Nov 15, 2024

This CVE describes a Missing Authorization vulnerability in the Themeum WP Crowdfunding WordPress plugin that allows attackers to change plugin settin...
Nov 1, 2024

The Tutor LMS Pro WordPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or higher...
Aug 30, 2024

This CVE describes an incorrect authorization vulnerability in the Themeum Droip WordPress plugin that allows users with lower privileges (like subscr...
Aug 29, 2024

CVE-2024-43955 is an unauthenticated path traversal vulnerability in the Droip WordPress plugin that allows attackers to download or delete arbitrary ...
Aug 29, 2024

A stored cross-site scripting (XSS) vulnerability in the Tutor LMS WordPress plugin allows attackers to inject malicious scripts into web pages. When ...
Aug 12, 2024

The Tutor LMS Migration Tool WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access o...
Jul 27, 2024

This stored cross-site scripting (XSS) vulnerability in the Tutor LMS WordPress plugin allows attackers to inject malicious scripts into web pages. Wh...
Jul 20, 2024

This path traversal vulnerability in Tutor LMS WordPress plugin allows attackers to access files outside the intended directory. It affects all Tutor ...
Jul 9, 2024

This SQL injection vulnerability in Tutor LMS WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all Tuto...
Jul 9, 2024

CVE-2023-25799 is a missing authorization vulnerability in the Tutor LMS WordPress plugin that allows unauthorized users to access student data and pe...
Jun 11, 2024

This vulnerability allows authenticated attackers with Instructor-level access or higher in Tutor LMS WordPress plugin to delete arbitrary quiz attemp...
Jun 7, 2024

This vulnerability allows authenticated attackers with admin-level access in Tutor LMS WordPress plugin to perform time-based SQL injection attacks vi...
Jun 7, 2024

This vulnerability in Tutor LMS Pro WordPress plugin allows authenticated attackers with subscriber-level permissions or higher to bypass authorizatio...
May 16, 2024

The Tutor LMS Pro WordPress plugin up to version 2.7.0 lacks proper capability checks on multiple functions, allowing unauthenticated attackers to add...
May 16, 2024

The Tutor LMS WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to add, modify, or delete data. This...
May 16, 2024

This vulnerability allows authenticated attackers with Instructor-level permissions or higher in Tutor LMS for WordPress to perform time-based SQL inj...
May 16, 2024

This vulnerability allows authenticated attackers with Instructor-level permissions or higher in Tutor LMS WordPress plugin to delete any course witho...
May 16, 2024

This vulnerability in Tutor LMS WordPress plugin allows unauthenticated attackers to enable user registration on WordPress sites where it was previous...
May 2, 2024

This vulnerability allows authenticated attackers with subscriber/student access or higher to perform time-based SQL injection attacks via the questio...
Mar 13, 2024

This SQL injection vulnerability in the Tutor LMS WordPress plugin allows attackers to execute arbitrary SQL commands on the database. It affects all ...
Nov 3, 2023

The Qubely WordPress plugin before version 1.8.6 contains an unauthenticated email injection vulnerability. Unauthenticated attackers can send arbitra...
Aug 7, 2023

This vulnerability allows unauthenticated attackers to access private lesson information in Tutor LMS WordPress plugin. WordPress sites using Tutor LM...
Jul 4, 2023

This vulnerability in Tutor LMS WordPress plugin allows students to access unprotected AJAX endpoints, enabling them to modify course information and ...
Apr 5, 2021

Why Monitor Themeum Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 32+ known vulnerabilities affecting Themeum products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Themeum packages in under 60 seconds. No agents required - completely agentless scanning that works across Themeum deployments.
Free vulnerability database: Access detailed information about every Themeum CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.