cbcvebase.

Thimpress Learnpress Export Import vulnerabilities

6 known vulnerabilities affecting thimpress/learnpress_export_import.

Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH4MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-60200P3HIGHCVSS 7.5≤ 4.1.22025-11-06
CVE-2025-60200 [HIGH] CWE-98 CVE-2025-60200: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows PHP Local File Inclusion.This issue affects LearnPress Export Import: from n/a through <= 4.1.2.
nvd
CVE-2024-31241P3HIGHCVSS 7.6≥ n/a, ≤ 4.0.32024-04-07
CVE-2024-31241 [HIGH] CWE-89 CVE-2024-31241: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ThimPress LearnPress Export Import.This issue affects LearnPress Export Import: from n/a through 4.0.3.
nvd
CVE-2025-49992P4HIGHCVSS 7.1≤ 4.0.92025-10-22
CVE-2025-49992 [HIGH] CWE-79 CVE-2025-49992: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import learnpress-import-export allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through <= 4.0.9.
nvd
CVE-2024-32588P4HIGHCVSS 7.1≥ n/a, ≤ 4.0.32024-04-18
CVE-2024-32588 [HIGH] CWE-79 CVE-2024-32588: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress LearnPress Export Import allows Reflected XSS.This issue affects LearnPress Export Import: from n/a through 4.0.3.
nvd
CVE-2023-30487P4MEDIUMCVSS 6.1≥ n/a, ≤ 4.0.22023-05-18
CVE-2023-30487 [MEDIUM] CWE-79 CVE-2023-30487: Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plu Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.
nvd
CVE-2024-9609P4MEDIUMCVSS 6.1fixed in 4.0.52024-11-15
CVE-2024-9609 [MEDIUM] CWE-79 CVE-2024-9609: The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable The LearnPress Export Import – WordPress extension for LearnPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'learnpress_import_form_server' parameter in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject ar
nvd
Thimpress Learnpress Export Import vulnerabilities | cvebase