Thimpress: Security Vulnerabilities
The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, and does not ensure that the package to be deleted is a package, allowing any authenticated user, such as a subscriber, to delete arbitrary posts.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-11-20
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.
CVSS Score
5.4
EPSS Score
0.0
Published
2023-10-03
The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the admin_add_order_item() function. This makes it possible for unauthenticated attackers to add an order item via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS Score
4.3
EPSS Score
0.001
Published
2023-07-12
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ThimPress LearnPress Export Import plugin <= 4.0.2 versions.
CVSS Score
7.1
EPSS Score
0.001
Published
2023-05-18
Auth. (admin+) SQL Injection (SQLi) vulnerability in ThimPress WP Pipes plugin <= 1.33 versions.
CVSS Score
8.2
EPSS Score
0.003
Published
2023-03-29
Local File Inclusion vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVSS Score
9.3
EPSS Score
0.883
Published
2023-01-26
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVSS Score
9.1
EPSS Score
0.003
Published
2023-01-26
SQL Injection vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVSS Score
9.9
EPSS Score
0.747
Published
2023-01-26
The LearnPress WordPress plugin before 4.1.7.2 unserialises user input in a REST API endpoint available to unauthenticated users, which could lead to PHP Object Injection when a suitable gadget is present, leading to remote code execution (RCE). To successfully exploit this vulnerability, attackers must have knowledge of the site secrets, allowing them to generate a valid hash via the wp_hash() function.
CVSS Score
8.1
EPSS Score
0.115
Published
2022-10-31
Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Hotel Booking plugin <= 1.10.5 at WordPress.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-08-22

