Known Vulnerabilities for Learnpress by Thimpress
Listed below are 10 of the newest known vulnerabilities associated with "Learnpress" by "Thimpress".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-25002 | Authentication Bypass Using an Alternate Path or Channel vulnerability in ThimPress LearnPress – Sepay Payment learnpre... | Not Provided | 2026-03-25 | 2026-03-26 |
| CVE-2025-60200 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Thim... | Not Provided | 2025-11-06 | 2026-04-01 |
| CVE-2025-24740 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in ThimPress LearnPress learnpress.This issue affects Learn... | Not Provided | 2025-01-27 | 2026-04-01 |
| CVE-2025-22739 | Missing Authorization vulnerability in ThimPress LearnPress learnpress allows Exploiting Incorrectly Configured Access Contro... | Not Provided | 2025-03-27 | 2026-04-01 |
| CVE-2022-0377 | Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After ... | 4.3 - MEDIUM | 2022-02-28 | 2023-11-07 |
| CVE-2022-0271 | The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via... | 6.1 - MEDIUM | 2022-04-11 | 2022-04-15 |
| CVE-2021-39348 | The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_prof... | 4.8 - MEDIUM | 2021-10-21 | 2022-08-05 |
| CVE-2021-24951 | The LearnPress WordPress plugin before 4.1.4 does not sanitise, validate and escape the id parameter before using it in SQL s... | 9.8 - CRITICAL | 2021-12-13 | 2021-12-16 |
| CVE-2021-24702 | The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, wh... | 4.8 - MEDIUM | 2021-10-18 | 2021-10-21 |
| CVE-2020-11511 | The LearnPress plugin before 3.2.6.9 for WordPress allows remote attackers to escalate the privileges of any user to LP Instr... | 8.1 - HIGH | 2021-07-30 | 2022-12-09 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Thimpress | Learnpress | 3.2.7 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.6.9 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.6.8 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.6.7 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.6.5 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.6.10 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.5.2 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.2 | All | All | All |
| Application | Thimpress | Learnpress | 3.2.1 | All | All | All |
| Application | Thimpress | Learnpress | 3.1.0 | All | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | openbeta.2 | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | openbeta.6 | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | openbeta.5 | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | openbeta.4 | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | openbeta.3 | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | openbeta.1 | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | closebeta.2 | All | All |
| Application | Thimpress | Learnpress | 3.0.0 | closebeta.1 | All | All |
| Application | Thimpress | Learnpress | 2.1.8 | All | All | All |
| Application | Thimpress | Learnpress | 2.1.7 | All | All | All |